Re: dns-sec and Maintaining Human Sanity

2010-08-06 Thread Tony Finch
On Fri, 6 Aug 2010, Martin McCormick wrote: > I have started looking at various ways for our > organization to begin using dns-sec as this appears to be a high > management priority and it will eventually become necessary to > operate. We have a fairly simple structure with an official master

Re: Forwarding to two servers

2010-08-06 Thread Tony Finch
On Thu, 5 Aug 2010, Lyle Giese wrote: > > zone "mydomain.com"{ > type forward; > forward only; > forwarders { ;}; }; > > The priv server needs to be authoritative (and probably master) for > mydomain.com. As I understand it, BIND makes recursive queries to forwarding servers. If the target is authori

Re: Forwarding to two servers

2010-08-06 Thread Sten Carlsen
On 06/08/10 19:59, Kevin Darcy wrote: > On 8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote: >> Joseph S D Yao wrote: >> >> >>> If you have two forwarders, as you listed, your server will try to >>> forward first to one and then to the other. If it gets any answer at >>> all from one - even an error

Re: Forwarding to two servers

2010-08-06 Thread Kevin Darcy
On 8/6/2010 1:05 PM, CLOSE Dave (DAE) wrote: Joseph S D Yao wrote: If you have two forwarders, as you listed, your server will try to forward first to one and then to the other. If it gets any answer at all from one - even an error answer - it will not try the other. So forwarding w

Re: Forwarding to two servers

2010-08-06 Thread CLOSE Dave (DAE)
Joseph S D Yao wrote: > If you have two forwarders, as you listed, your server will try to > forward first to one and then to the other. If it gets any answer at > all from one - even an error answer - it will not try the other. So forwarding works exactly the same as listing both servers in re

Re: Question on query-source, transfer-source, notify-source

2010-08-06 Thread Mark Andrews
In message <20100804184239.4ee3b47...@britaine.cis.anl.gov>, Barry Finkel writes: > Another question about query-source: > > Is there a difference between > > query-source address 1.2.3.4; > and > query-source 1.2.3.4; No. > My reading of the ARM implies that the two are the same,

Re: dns-sec and Maintaining Human Sanity

2010-08-06 Thread Phil Mayers
On 06/08/10 12:24, Martin McCormick wrote: The one thing that impresses me about dns-sec is that it appears to be one of those things that will probably work fine after installation but getting there may be an adventure to put it mildly. My advice is to investigate upgrading to Bind 9.

Re: dns-sec and Maintaining Human Sanity

2010-08-06 Thread Martin McCormick
Niobos writes: > Definitely consider the 9.7 series! You can enable auto-dnssec which > will maintain your signatures for you out-of-the-box. It also supports > key rollover, but IIRC doesn't generate new keys at this moment. That's not much of a problem. Thanks for reminding me of 9.7. Martin Mc

Re: dns-sec and Maintaining Human Sanity

2010-08-06 Thread Jaap Akkerhuis
That is, if one can get the latest version to compile under FreeBSD8.0. So far, the configure process is one dependency after another and I have yet to see it actually finish so that is shades of years gone by when installing software was an art on good days. Use the port, see

Re: dns-sec and Maintaining Human Sanity

2010-08-06 Thread Niobos
Hi, On 2010-08-06 13:24, Martin McCormick wrote: > We are upgrading all DNS and DHCP servers to FreeBSD8.0 > and my plan was to use bind9.6x. If there is a better version for > dns-sec, best to plan to use it now in order to slay as much > of this dragon which is breathing fire on the edge

RE: dns-sec and Maintaining Human Sanity

2010-08-06 Thread Atkins, Brian (GD/VA-NSOC)
I'm running 9.6 in our lab environment with DNSSEC enabled, not much difficulty at all. To make it even easier, you might want to look at the Webmin BIND module. It makes it even easier. Also, I went to ISC's BIND deployment workshop and found it very insightful. Brian -Original Message

dns-sec and Maintaining Human Sanity

2010-08-06 Thread Martin McCormick
I have started looking at various ways for our organization to begin using dns-sec as this appears to be a high management priority and it will eventually become necessary to operate. We have a fairly simple structure with an official master and slave with dynamic DHCP continuously updating