Search
39 results for “pemensik”
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@pemensik @[email protected] @mypdns @Alonely0 @floppy_bv
no, I mean #IXFR. That is incremental zone transfer.
OK, then I misunderstood your intention. I do recalls it as unbound only support AXFR, but look it up to be sure, it have been some years ago I played with it, as I go with PowerDNS's 3 pkg's on all my instances. (I then have a running copy of my RPZ zones on the laptop when it's not at home 😃 )
dnsdist is then setup to response from the server if available otherwise it is using the local resources.
-
@itisiboller @jerry Ha ha, it seems more people came to "love" #resolved. I have created something similar. https://github.com/pemensik/unresolved
-
Good News! #Avahi development seems to be alive again! @pemensik from Red Hat has pushed the v0.9rc1 tag for the upcoming 0.9 release!
For us at #OpenPrinting a well-maintained Avahi is essentially important.
-
I was thinking about installing #mastodon onto my server. But neither #fedora nor #centos package exists. Is there any reason for it? Is there license problem or just lack of volunteers preparing it? Not even updated image on quay.io. how should open source fan install it? Is docker the only supported option?
-
I have entered discussion about #california #parentalControl on @fedora
I think a lot of misinformation or misconception is flying around. I think the California is doing it *right* way and finally it is solution not selling anonymity for protection.It is a lot work to design it well and time is tight. But the concept it correct, OS should provide age group for it's user to apps. It doesn't need identification of the parent nor child IMO.
-
Watched @pid_eins #fosdem2026 presentation record about #Varlink. I think the idea is good, except it should use some binary protocol for communication between services. RFC 8949 #CBOR seems like excellent candidate. Text serialization is not necessary if human is never direct part of a pipeline. Data conversion is not slow, but not necessary between localhost- only services.
-
Visited #CSNOG26 conference, it was great event. I had to disable #DNSSEC validation on their wifi network. Asked for a contact to local network admin to ask what is the implementation used. Surprise, they said #bind9. If you operate anything old enough capable of ``dnssec-enabled no;``, please don't use it anyway. Use ``dnssec-validation no;`` only. It will stop servfail caused by validation failures, but won't prevent validation at clients. Fix your forwarders or firewalls if that is not ok
-
My #fosdem talk in #dns room got accepted! Great news for me, although I have a lot to do to present the potential I have already in my head. But not yet in the code! I want to work also on #avahi release. Well, I should relax and refresh at the same time. Combination of all that would not be a simple task. Merry Christmas everyone!
-
#Systemd #credentials system is relatively interesting thing. I lack some support for storing private keys in a format good for applications. Can it do #pkcs11 URI provider or #FIDO2 token authentication? It seems current implementation focuses on shared secrets - passwords. If we have integrated support with TPM2 chip, I think we should aim for #webauthn instead.
-
Just checked AlmaLinux container image. CentOS Stream were just created and Alma has #bind9 CVEs fixed already in their repos. If they say they got their changes from Stream, they are lying. These are RHEL fixes for RH customers only.
-
@neverpanic @bagder we got bitten in #bind9 by RSA1 signature verification regression. Is it possible to emulate RHEL default crypto policy also on Fedora somehow? To have it refuse SHA1 verification like on RHEL?
-
@arichtman well yes. Then the problem is caused by ndots:5 option of resolv.conf. is it recommended by kubernetes documentation? Also .local domain is reserved for #mdns. Including subdomains. Asks for more issues this way.
-
#avahi has one important limitation on multicast resolution. It expects host has only one important address on AF. At least that is offered by simple protocol used by nss-mdns. It cannot send multiple addresses on single name. That is often wrong. Is there potential contributor able to design fix for that? #mdns
-
@jinna until you use any form of encrypted DNS, your ISP can read everything. No matter what server you choose. Use #DoT or #DoH or #DoQ. But in the free world you should order a new ISP contract, if possible. They may still know something, but they should not be able to tamper with responses at least. You want also #ECH in you browser enabled.
-
I had a presentation about registering #hostname on #ipv6, when #SLAAC is used. Is there any attempt to register name to local #dns server, when I am on IPv6 only network? I think dynamic update over TCP would be similar to #dhcp based registration Dnsmasq does automatically. Is there any system attempting it already?
-
I had a presentation about registering #hostname on #ipv6, when #SLAAC is used. Is there any attempt to register name to local #dns server, when I am on IPv6 only network? I think dynamic update over TCP would be similar to #dhcp based registration Dnsmasq does automatically. Is there any system attempting it already?
-
I had a presentation about registering #hostname on #ipv6, when #SLAAC is used. Is there any attempt to register name to local #dns server, when I am on IPv6 only network? I think dynamic update over TCP would be similar to #dhcp based registration Dnsmasq does automatically. Is there any system attempting it already?
-
I had a presentation about registering #hostname on #ipv6, when #SLAAC is used. Is there any attempt to register name to local #dns server, when I am on IPv6 only network? I think dynamic update over TCP would be similar to #dhcp based registration Dnsmasq does automatically. Is there any system attempting it already?
-
I had a presentation about registering #hostname on #ipv6, when #SLAAC is used. Is there any attempt to register name to local #dns server, when I am on IPv6 only network? I think dynamic update over TCP would be similar to #dhcp based registration Dnsmasq does automatically. Is there any system attempting it already?
-
@fedora @centos @almalinux @rockylinux Great thing is F41 finally stopped blocking #dnssec validators. We had validation of gpg keys in dnf3. It finally works in default installation, but is not in #dnf5 anymore.
-
-
-
-
@[email protected] @wutti Good candidate for upstream DNS encryption provider might be also #dnsdist. Versatile thing with also DoH and DoQ support, which could be used together with pihole's dnsmasq. But haven't tried to compile it on openwrt myself. Visit dnsdist.org for help.