search for: dnsop

...07:49, Klaus Darilion via nsd-users <nsd-users at lists.nlnetlabs.nl> escreveu: > > Hi Christof! > > AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS. > > Regards > Klaus > > PS: If you build something new, don't use ALIAS, it can cause you problems l...

Hi Christof! AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS. Regards Klaus PS: If you build something new, don't use ALIAS, it can cause you problems later due to incompatibili...

...x86_64 And there are seven zones because of /etc/named.rfc1912.zones: // Provided by Red Hat caching-nameserver package // // ISC BIND named zone configuration for zones recommended by // RFC 1912 section 4.1 : localhost TLDs and address zones // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt // (c)2007 R W Franks // // See /usr/share/doc/bind*/sample/ for example named configuration files. // zone "localhost.localdomain" IN { type master; file "named.localhost"; allow-update { none; }; }; //zone "localhost&qu...

Hello! Does nsd support ALIAS records or is there a plan to support it somewhen in the future? I didn't find anything about this topic in conjunction with nsd. Afaik there is no RFC for it and I guess therefore nsd does not support it. PowerDNS does for example: https://doc.powerdns.com/authoritative/guides/alias.html Br, Christof -------------- next part -------------- An HTML attachment

On 2/12/19 10:55 PM, Alice Wonder wrote: > DNSSEC keys do not expire. Signatures do expire. How long a signature > is good for depends upon the software generating the signature, some > lets you specify. ldns I believe defaults to 60 days but I am not sure. > > The keys are in DNSSKEY records that are signed by your Key Signing > Key and must be resigning before the signature

...d to your registrar but it only changes when you change your Key Signing Key, as it is based on your Key Signing Key. I see you are using algorithm 7 - I would recommend switching to either algorithm 13 or at least to 8. Algorithm 7 uses a SHA1 hash. See https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update-04 That's a draft but soon will be an update to the standard. Algorithm 13 (ECDSAP256SHA256) results in much smaller keys and signatures and is equivalent to about RSA-3072 in strength, and it uses a SHA-256 hash. However note that changing algorithms will result in valida...

...ones because of /etc/named.rfc1912.zones: > > // Provided by Red Hat caching-nameserver package > // > // ISC BIND named zone configuration for zones recommended by > // RFC 1912 section 4.1 : localhost TLDs and address zones > // and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt > // (c)2007 R W Franks > // > // See /usr/share/doc/bind*/sample/ for example named configuration files. > // > > zone "localhost.localdomain" IN { > type master; > file "named.localhost"; > allow-upd...

Hi List! Im trying to switch from using the samba internal dns to bind. Im running a self-compiled samba 4.7.1 pair of DCs on Centos 7.2. After following the steps in the wiki, named refuses to start with this error: ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled) Active: failed (Result:

https://bugzilla.mindrot.org/show_bug.cgi?id=2217 Bug ID: 2217 Summary: allow using _ssh._tcp SRV records Product: Portable OpenSSH Version: 6.5p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hello, My question is not related to NSD in particular, but I have seen here on the list a lot of people that work for TLDs and other Registrars and Registry operators I thought it would be a good place to ask this question. It is about DNS though, not completely off topic :). I have encountered in my DNS studies a few name servers that let you transfer zones they are authoritative for. The