posttls-finger: RFE


posttls-finger: RFE

Patrick Ben Koetter-2
Viktor,

I am looking for a switch in posttls-finger to tell it where (read: nameserver)
to lookup TLSA RRs.

Problem is: I've updated my zone, but posttls-finger doesn't seem to 'see'
that because my local resolver has cached the DNS zone's information.

Is there an option I didn't see? A better way to handle this?

p@rick



--
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
 

Re: posttls-finger: RFE

Viktor Dukhovni
On Sun, Dec 15, 2013 at 09:33:25PM +0100, Patrick Ben Koetter wrote:

> I am looking for a switch in posttls-finger to tell it where (read: nameserver)
> to lookup TLSA RRs.
>
> Problem is: I've updated my zone, but posttls-finger doesn't seem to 'see'
> that because my local resolver has cached the DNS zone's information.
>
> Is there an option I didn't see? A better way to handle this?

No, the libresolv API does not support the caller to specify either
the nameserver list or the location of the resolv.conf file.  Just
flush your nameserver cache or restart it.

--
        Viktor.

Re: posttls-finger: RFE

Patrick Ben Koetter-2
* Viktor Dukhovni <[hidden email]>:

> On Sun, Dec 15, 2013 at 09:33:25PM +0100, Patrick Ben Koetter wrote:
>
> > I am looking for a switch in posttls-finger to tell it where (read: nameserver)
> > to lookup TLSA RRs.
> >
> > Problem is: I've updated my zone, but posttls-finger doesn't seem to 'see'
> > that because my local resolver has cached the DNS zone's information.
> >
> > Is there an option I didn't see? A better way to handle this?
>
> No, the libresolv API does not support the caller to specify either
> the nameserver list or the location of the resolv.conf file.  Just
> flush your nameserver cache or restart it.

For the record and those who use unbound:

% unbound-control flush <DOMAIN>



Re: posttls-finger: RFE

A. Schulze
On 15.12.2013 22:08, Patrick Ben Koetter wrote:
> % unbound-control flush <DOMAIN>

I prefer "unbound-control flush_zone <DOMAIN>" because "flush" doesn't flush TXT

Andreas
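
A way to confirm that the local resolver is serving a stale TLSA RRset before flushing it, as an added example that is not part of the original thread. It assumes `dig` is installed; `mail.example.com` and `ns1.example.com` are placeholder names, and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: compare the TLSA RRset returned by the local (caching)
# resolver with the one served by an authoritative nameserver of the zone.

# tlsa_owner HOST [PORT] -> owner name of the TLSA RRset (port defaults to 25)
tlsa_owner() {
    printf '_%s._tcp.%s\n' "${2:-25}" "${1%.}"
}

# Read `dig +short TLSA` output on stdin and canonicalise it: lower-case hex,
# re-join digest data that dig splits into chunks, sort and de-duplicate.
normalize_tlsa() {
    tr 'A-F' 'a-f' |
    awk 'NF >= 4 { d = ""; for (i = 4; i <= NF; i++) d = d $i
                   print $1, $2, $3, d }' |
    sort -u
}

# tlsa_in_sync CACHED AUTHORITATIVE -> exit status 0 if both RRsets match
tlsa_in_sync() {
    [ "$(printf '%s\n' "$1" | normalize_tlsa)" = \
      "$(printf '%s\n' "$2" | normalize_tlsa)" ]
}

# check_tlsa MXHOST AUTH_NS -> report whether the cached answer is stale
check_tlsa() {
    owner=$(tlsa_owner "$1")
    cached=$(dig +short TLSA "$owner")                     # via resolv.conf
    auth=$(dig +short +norecurse TLSA "$owner" "@$2")      # straight from the zone
    if tlsa_in_sync "$cached" "$auth"; then
        echo "in sync: $owner"
    else
        echo "stale cache for $owner: flush the resolver cache, then re-run posttls-finger"
        return 1
    fi
}

# Usage (placeholder names): sh check-tlsa.sh mail.example.com ns1.example.com
if [ "$#" -eq 2 ]; then
    check_tlsa "$1" "$2"
fi
```

The direct query to the authoritative server is not DNSSEC-validated; it only shows whether the cache lags behind the zone.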