Re: [Pdns-users] DNSSEC UDP problems

Thanks I downgraded pdns without problems Met vriendelijke groet, Steffan Noord -Oorspronkelijk bericht- Van: Brian Candler Verzonden: dinsdag 9 maart 2021 16:12 Aan: steffanno...@gmail.com; 'pdns-users-ml' Onderwerp: Re: [Pdns-users] DNSSEC UDP problems On 09/03/2021 14:01, Steffan

Re: [Pdns-users] DNSSEC UDP problems

On 09/03/2021 14:01, Steffan via Pdns-users wrote: [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server - master branch baseurl=http://repo.powerdns.com/centos/$basearch/$releasever/auth-master For production use, you would be better with the "version 4.4.X" branch

Re: [Pdns-users] DNSSEC UDP problems

Oke thanxs. Then i will remove the dnssec from that domains 😊 Met vriendelijke groet, Steffan Noord -Oorspronkelijk bericht- Van: Pdns-users Namens Pieter Lexis via Pdns-users Verzonden: dinsdag 9 maart 2021 15:32 Aan: pdns-users@mailman.powerdns.com Onderwerp: Re: [Pdns-users] DNSSEC

Re: [Pdns-users] DNSSEC UDP problems

Hi, On 3/9/21 3:01 PM, Steffan via Pdns-users wrote: >> Are you actually using AXFR to transfer the zone to the nameservers? Or are > you using database replication? Because ALIAS live-signing is not > implemented, only signing on AXFR-out is implemented. This is in the > documentation I sent you

Re: [Pdns-users] DNSSEC UDP problems

Hi, > Running bleeding edge in production is not recommended. Although we haven't had big issues in the master branch for quite a while. Just keep that in mind :). Hm i just yum updated. [powerdns-auth-master] name=PowerDNS repository for PowerDNS Authoritative Server - master branch baseurl=ht

Re: [Pdns-users] DNSSEC UDP problems

Hi, On 3/9/21 2:44 PM, Steffan via Pdns-users wrote: > Hm that was a one time error > > Upgraded to: > pdns-4.5.0-0.alpha0.master.826.gd1a09d600.1pdns Running bleeding edge in production is not recommended. Although we haven't had big issues in the master branch for quite a while. Just keep th

Re: [Pdns-users] DNSSEC UDP problems

Hm that was a one time error Upgraded to: pdns-4.5.0-0.alpha0.master.826.gd1a09d600.1pdns Now no errors are found in the log Still the message Found 1 RRSIGs over DNSKEY RRset RRSIG=51602 and DNSKEY=51602/SEP verifies the DNSKEY RRset crazyforprint.nl A RR has value 19

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffen, On 3/9/21 2:20 PM, Steffan via Pdns-users wrote: > Hm that explanes a lot 😊 > > expand-alias=yes was allready enabled > i now have outgoing-axfr-expand-alias=yes enabled and restarted pdns > > But it is still complaines abouth the A record > > Error resolving for crazyforprint.nl

Re: [Pdns-users] DNSSEC UDP problems

Hm that explanes a lot 😊 expand-alias=yes was allready enabled i now have outgoing-axfr-expand-alias=yes enabled and restarted pdns pdnsutil check-zone crazyforprint.nl Checked 5 records of 'crazyforprint.nl', 0 errors, 0 warnings. But it is still complaines abouth the A record Error resolvin

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffen, On 3/9/21 1:35 PM, Steffan via Pdns-users wrote: > This domain is not using a A record > > But a ALIAS and CNAME > > Is that why dnssec failes? Yes, see https://doc.powerdns.com/authoritative/guides/alias.html#alias-and-dnssec Cheers, Pieter -- Pieter Lexis PowerDNS.COM BV -- htt

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffan, Well, it clearly responds to a request for an A record... Can you tell us a bit more about this zone? What does "pdnsutil check-zone crazyforprint.nl " say? In general, it's a very bad idea to use CNAME records at the apex of a domain. Frank > On 9 Mar 20

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffen, On 3/9/21 1:13 PM, Steffan via Pdns-users wrote: > Suddenly im getting DNSSE|C warnings. > Any idees what im missing here? > > When analysing the dns with dnsviz.net im seeing > > " The server(s) were not responsive to queries over UDP. > (2a00:1bd0:740:1:2::2, 2a00:1bd0:740:1:46::1

Re: [Pdns-users] DNSSEC UDP problems

This domain is not using a A record But a ALIAS and CNAME Is that why dnssec failes? Met vriendelijke groet, Steffan Noord Van: frank+p...@tembo.be Verzonden: dinsdag 9 maart 2021 13:34 Aan: steffanno...@gmail.com CC: pdns-users-ml Onderwerp: Re: [Pdns-users] DNSSEC UDP problems

Re: [Pdns-users] DNSSEC UDP problems

Hi Steffan, Sometimes the dnsviz.net debugger is quite complete but can be overwhelming at first. The Versisign Analyser can be easier to perform basic checks. https://dnssec-analyzer.verisignlabs.com/crazyforprint.nl. In this case, it seems the zone is not properly signed, but DS records are

Re: [Pdns-users] DNSSEC UDP problems

I dont think so Im getting warnings from SIDN validation failure : no signatures from 127.0.0.1 IPv6 address rec Met vriendelijke groet, Steffan Noord -Oorspronkelijk bericht- Van: Klaus Darilion Verzonden: dinsdag 9 maart 2021 13:18 Aan: steffanno...@gmail.com Onderwerp: AW: [Pdns-us

[Pdns-users] DNSSEC UDP problems

Hello, Suddenly im getting DNSSE|C warnings. Any idees what im missing here? When analysing the dns with dnsviz.net im seeing " The server(s) were not responsive to queries over UDP. (2a00:1bd0:740:1:2::2, 2a00:1bd0:740:1:46::162) I dont understand why, I disabled the firewall for testing ne

[Pdns-users] PowerDNS Recursor Alpha3 Released

Hello!, We are proud to announce the third alpha release of what should become PowerDNS Recursor 4.5.0. This release contains various bug fixes, improvements and new features. The second alpha was an internal release only and never went public. The upcoming 4.5.0 release includes a