[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: help wanted, standing up mirroring sync proxies on public cloud

On Sat, Mar 11, 2023 at 12:43:52PM +0100, Julien Cristau wrote:
> I finally got around to the initial setup.  A couple of things so far:
> - the machine is running bookworm; that's going to cause extra work
>   initially.  I'll give it a try anyway, since it's essentially work
>   we'll need to do regardless, but it came as a surprise.

My mail stated Debian 12.

> - can you allow outbound dns in the firewall rules?  The provided resolver
>   doesn't look like it supports dnssec.

Yeah, found that out now.  Will allow DNS.  Also I'll enable DNSSEC
verification on the resolver, but that will not fix the problem, as it
still does not act like a full DNSSEC capable resolver, it neither sets
the AD bit, nor provides RRSIG records to the clients.

Bastian

-- 
If some day we are defeated, well, war has its fortunes, good and bad.
		-- Commander Kor, "Errand of Mercy", stardate 3201.7
Reply to: