Re: [Pdns-users] Removing Dnssec records from slave PDNS servers

2016-02-17 Thread mvdgeijn
Hi Bert, Here are the details. On the master: ~# pdnssec show-zone salzvideo.nl Zone is not actively secured Zone is not presigned No keys for zone 'salzvideo.nl'. On one of the slaves: $ pdnssec show-zone salzvideo.nl Zone is not presigned Zone has hashed NSEC3 semantics, configuration: 1 0 1 ab

Re: [Pdns-users] Removing Dnssec records from slave PDNS servers

2016-02-17 Thread bert hubert
On Wed, Feb 17, 2016 at 03:47:57PM +, Marc van de Geijn wrote: > Unfortunately, the serial is updated on the master and synced to the slaves, > but the slaves keep reporting the NSEC3 & RRSIG records. The master does not > report these records when doing an AXFR from the slaves. Can you show t

Re: [Pdns-users] Regarding CVE-2015-7547 & PowerDNS Recursor

2016-02-17 Thread Nick Douma
Hi, On 17-02-16 14:38, bert hubert wrote: > On Wed, Feb 17, 2016 at 02:12:51PM +0100, Nick Douma wrote: >> What about the static debian package on the website? I assume updating >> the OS libc package is not enough? > > Check with ldd /usr/sbin/pdns_server or /usr/sbin/pdns_recursor to see if > y

[Pdns-users] Removing Dnssec records from slave PDNS servers

2016-02-17 Thread mvdgeijn
Hi, I was wondering what the best way is to remove Dnssec records from the slave PDNS servers? Our master and slave DNS servers are all PowerDNS servers. They are kept in sync using AXFR and are all in different locations. At this moment it seems that when I disable Dnssec on the master for a dom

Re: [Pdns-users] Regarding CVE-2015-7547 & PowerDNS Recursor

2016-02-17 Thread bert hubert
On Wed, Feb 17, 2016 at 02:12:51PM +0100, Nick Douma wrote: > What about the static debian package on the website? I assume updating > the OS libc package is not enough? Hi Nick, Good question. It turns out our recent static packages in fact link to the system libc. We call these 'semi-static', b

Re: [Pdns-users] Regarding CVE-2015-7547 & PowerDNS Recursor

2016-02-17 Thread Nick Douma
Hi, On 17-02-16 13:56, bert hubert wrote: > In short, this is a vulnerability not in PowerDNS products but in the Linux > C library. This vulnerability could be exploited if it would be possible to > relay specifically crafted records to Linux clients. > > Please let us know if you have further qu

[Pdns-users] Regarding CVE-2015-7547 & PowerDNS Recursor

2016-02-17 Thread bert hubert
Since yesterday we have been following and studying CVE-2015-7547. More about which on https://googleonlinesecurity.blogspot.nl/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html In short, this is a vulnerability not in PowerDNS products but in the Linux C library. This vulnerability could be expl