A policy for removing named.conf options.

Thu Jun 13 14:51:56 UTC 2019

Unconditional "call home" is always problematic but discretionary "call home" (per the URL) is much better.  However, be aware that some environments (such as Payment Card Industry standards) require that all outbound traffic have a business justification.  This could be justified, it's just going to be an administrative hassle to document the need and go through a management approval process.

________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Ondřej Surý <ondrej at isc.org>
Sent: Thursday, June 13, 2019 9:22:53 AM
To: G.W. Haywood
Cc: bind-users at lists.isc.org
Subject: [EXTERNAL] Re: A policy for removing named.conf options.

Hey,

we’ve been discussing the “call home” feature on several occasions and usually something
more pressing crawls at top of the TODO list, but here’s the issue we have as a starter:

https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fgitlab.isc.org%2fisc-projects%2fbind9%2fissues%2f421&c=E,1,5RfyTpYfPh7xliqVD4MiTRmekNfpBmTXzQmVptTqjqm1ew4vcDjQwzkKiVAlJhtyT_HqrdNmh4vqy-Umg9NGAUvDh_3a7EB7SlLtOH6OKbxmhCUZxrp9n8zD&typo=1

We would be happy to collect more feedback and don’t get me started on how I just love
to receive patches, preferably as merge requests (ping me if you need up the projects limit
in our GitLab) ;).

Ondrej
--
Ondřej Surý
ondrej at isc.org

&g

Harriscomputer

Leroy Tennison
Network Information/Cyber Security Specialist
E: leroy at datavoiceint.com

[cid:Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG]

2220 Bush Dr
McKinney, Texas
75070
www.datavoiceint.com<http://www..com>

This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc. These companies are listed here<http://subscribe.harriscomputer.com/>.

If you prefer not to be contacted by Harris Operating Group please notify us<http://subscribe.harriscomputer.com/>.

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.

t; On 13 Jun 2019, at 15:55, G.W. Haywood via bind-users <bind-users at lists.isc.org> wrote:
>
> Hello again,
>
> On Thu, 13 Jun 2019, Matthijs Mekking wrote:
>> On 6/13/19 2:40 PM, G.W. Haywood via bind-users wrote:
>> > On Thu, 13 Jun 2019, Matthijs Mekking? wrote:
>> >
>> > > | managed-keys?????? | 9.15/9.16 | replaced with dnssec-keys |
>> >
>> > According to my changelogs for 'named.conf I removed 'managed-keys' and
>> > 'trusted-keys' three years ago, but still use 'managed-keys-directory'.
>> ... it is likely that you are using managed trust anchors that
>> are configured with 'managed-keys' in a bind.keys file. ...
>
> Correct.  It says in that file that I'm not expected to do anything to
> it - so I expect you'll take care of that when the time comes, yes?
>
> To tell you about the use of configuration options, could you not set
> up an ISC zone which BIND on startup will ping with a few packets?
> You'd get a lot more (and more accurate) feedback than sending out a
> plea on a mailing list.  You could make it a compile time option, ask
> for permission at build time, etc..
>
> --
>
> 73,
> Ged.
> _______________________________________________
> Please visit https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.isc.org%2fmailman%2flistinfo%2fbind-users&c=E,1,CqxGXQ1aiGLDV9LxLwljfYJRolmwJV3RlfcYaNABVsMlBnR5RJRsa2BaKR3xs-G5eFTxIA841AhYXTegjj-ggT2H9TJqOoJb18sEG8eenJz3jV80sk-eIJ1K&typo=1 to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.isc.org%2fmailman%2flistinfo%2fbind-users&c=E,1,lrTADuMZK7-3YQwQVI98M2QtIe3X6vetMWM-r7d7aOkIyI4r9ebviUn3Zt3DP7266hKmVaHsi7YHuqRMl2Qa34whLALYOPPIkAmRLthBNJxi5A,,&typo=1

_______________________________________________
Please visit https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.isc.org%2fmailman%2flistinfo%2fbind-users&c=E,1,__bZRbafpXn77YybXrIT8vrp5HPPCi47lEsNtl-XZNPm4xWpJaPv9WPRyYhW3ZVQvnsQgeCu5aVZu0wCqwBWSSWRNUEyvXYAcg-qkT-ZxuxC4DuEJSd0BmCGog,,&typo=1 to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flists.isc.org%2fmailman%2flistinfo%2fbind-users&c=E,1,ISqAFF76QaPqnU4mChTvAsOO3ML7KgbBDfwn3SbpXS-IEHJzUjsTCizHF7IZrVYRstLhmfu0DKXlGExNXKlgM_d16WvubXeUUOJqNO6T6Q,,&typo=1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190613/3054c2fa/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 8276 bytes
Desc: Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190613/3054c2fa/attachment-0001.png>