On 02/18/13 19:02, Tony Finch wrote:
Lyle Giese <l...@lcrcomputer.net> wrote:
Recently I moved this domain(lcrcomputer.net) to a registrar that suports
DNSSEC and inserted the DS record for this domain.
Was it signed before this point? I am wondering if this is a DNS response
size problem - was the cause the addition of the DS record, or the
addition of DNSKEY and RRSIG records?
Tony.
The zone was signed before and was registered with ISC's look aside at
dlv.isc.org and had been for quite a while(at least a year and maybe
two). I made NO changes to the lcrcomputer.net zone itself other than
resign the data every 15 days. It appears to have broken on Feb 6th or
so and that would have been about the time I inserted the DS record.
The only change I have made was insert the DS record into my new
registrar for publishing.
My customer's zone is not signed, has no DKIM and has no SPF records,
never did.
But I am happy with this discussion as I get more than one set of eyes
looking at what I have done and getting some opinions. So I am getting
back that nothing is really wrong.(yea a couple of things I could
tweak..) I had forgotten about those pesky SPF records and am happy to
get rid of them! I may do the same with the DKIM records also.
Thanks to everyone for the feedback.
Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
