Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

2010-07-18 Thread Evan Hunt
> Well, it's a better work around than what I have been doing, but not > having the RFC 5011 behaviour is quite a disappointment. Now I have > presentiments of disaster should the DLV key have to be rolled for > whatever reason. Sorry, I misunderstood your question--I thought you wanted to know h

Re: root-anchor.xml & anchors.xml in Bind

2010-07-18 Thread Tony Finch
On Sat, 17 Jul 2010, Stephane Bortzmeyer wrote: > > OK, let's rephrase it: as far as I know, the root managers did not > announce that they will follow RFC 5011. But maybe they did and I > just missed the announcement or maybe they will do it in the > future. But check yourself before using manag

Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

2010-07-18 Thread Doug Barton
On 07/18/10 12:28, Matthew Seaman wrote: > Think I'll just drop the external-chaos view. Some script kiddie > working out I'm running the latest version of bind is likely to be lower > risk and a lot less harmful than dealing with broken dnssec chains of trust. I agree, and to take it one step fu

Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

2010-07-18 Thread Rick Dicaire
On Sun, Jul 18, 2010 at 3:28 PM, Matthew Seaman wrote: > Think I'll just drop the external-chaos view.  Some script kiddie > working out I'm running the latest version of bind is likely to be lower > risk and a lot less harmful than dealing with broken dnssec chains of trust. version none

Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

2010-07-18 Thread Matthew Seaman
On 18/07/2010 17:58:15, Evan Hunt wrote: >> Is there a way of using dnssec-lookaside and forcing bind not to >> maintain a managed-keys-zone for certain views? > > Sure, just do it the old way, without "dnssec-lookaside auto". > Put these in the view statement: > > dnssec-lookaside . trus

Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

2010-07-18 Thread Evan Hunt
> Is there a way of using dnssec-lookaside and forcing bind not to > maintain a managed-keys-zone for certain views? Sure, just do it the old way, without "dnssec-lookaside auto". Put these in the view statement: dnssec-lookaside . trust-anchor dlv.isc.org; trusted-keys {

Re: Slowness and timeouts resolving qa.pay.gov

2010-07-18 Thread Mark Andrews
In message <2aa71bedebcf80449e35b7b640700be43347b1b...@email4.uspto.gov>, "Lear , Karen (Evolver)" writes: > My recursive DNS servers are intermittently timing out and giving slow responses to qa.pay.gov. I haven't noticed problems with any other sites. How can > I nail down where the proble

Re: reason for "expected covering NSEC3, got an exact match" ?

2010-07-18 Thread Mark Andrews
It's cosmetic. The final NSEC3 record proves the non-existence of the data or wildcard. With a nodata response we should be expecting the record. The following has been compiled but otherwise has not been tested. Mark Index: bin/named/query.c ==

dnssec-lookaside auto and managed-keys-zone problem with certain views

2010-07-18 Thread Matthew Seaman
Dear list, Is there a way of using dnssec-lookaside and forcing bind not to maintain a managed-keys-zone for certain views? Or allowing it to start up if the files are missing for some views? I have within my named.conf this view, designed to hide bind.version and so forth from the world at lar