Re: MNAME and BIND 10 question

2011-01-12 Thread Chris Buxton
On Jan 12, 2011, at 11:09 PM, Gordon A. Lang wrote: > Does Microsoft DNS client code ever use any other DDNS target identifier > other than the MNAME? I know some old codes used the NS records and/or the > client's resolver list, but it is my understanding that both of those > techniques have b

MNAME and BIND 10 question

2011-01-12 Thread Gordon A. Lang
Does anybody happen to know. With BIND 9, if the MNAME resolves to multiple A records and "notify yes" is specified, do notifies get withheld from all specified NS destinations that resolve to any of the addresses associated with the MNAME? Or do notifies only get withheld from NS destinat

Re: bind 9 multiple masters setup

2011-01-12 Thread Gordon A. Lang
If a zone is not dynamic, then the MNAME does nothing except to possibly inhibit notifies to the declared master iff you specify the option "notify yes" or if you do not specify any notify option (as "notify yes" is the default). If a zone is dynamic, then the MNAME plays a very critical role

how to properly include DS record on key dnssec

2011-01-12 Thread fakessh @
hello bind network hello dnssec network admin. I correctly configure my server centos dnssec on with as a representative of encryptions dlv isc. my question is relevant and was already asked but I have not found the complete answer on google. my question is how to include the DS record in the

Re: DNSSEC's sorted zone

2011-01-12 Thread Paul Wouters
On Thu, 13 Jan 2011, Mark Andrews wrote: dnssec-signzone uses multiple threads to sign the zone a node at a time. These work items finish in a non-deterministic manner leading to a different order in the resulting text file being produced. This is done after the zone was sorted to generate the

Re: DNSSEC's sorted zone

2011-01-12 Thread Mark Andrews
In message , Paul Wouters writes: > On Wed, 12 Jan 2011, Mark Elkins wrote: > > > dnssec-signzone -3 "abcd" -o example.com -p -t -A -d keyset -g -a -N > > increment -s 2011061553 -e 20110210161553 -f example.com.sign-1 > > example.com.signed > > > > A minute later - I run the same command -

Re: bind 9 multiple masters setup

2011-01-12 Thread dev null
Thank you all! So, it would still have rndc do the reload essentially and file copy because the masters would get the files via cfengine which we have working via scp. So basically it's not going outside of what bind provides. This is to quickly stand up several DNS boxes, even masters. Since th

Re: DNSSEC Keys - and trying to not leaving them around

2011-01-12 Thread Torinthiel
On 01/12/11 16:07, Mark Elkins wrote: >--- > > So now I want to resign the zone. Its already signed. How can I do that > without having to have the Private KSK still around. I'd have thought > that I'd just perhaps need the Private ZSK around to re-sign

Re: DNSSEC's sorted zone

2011-01-12 Thread Torinthiel
On 01/12/11 17:58, Mark Elkins wrote: > Still playing with DNSSEC and signing zones. > > I'm resigning an already signed zone. > > I'm doing this on a hyper-threaded 4-core i7 (Intel(R) Core(TM) i7 CPU > 920 @ 2.67GHz) which under linux gives me 8 cores. > > I'm using the command: > > dnssec-si

Re: bind 9 multiple masters setup

2011-01-12 Thread Torinthiel
On 01/12/11 16:13, dev null wrote: > Hello, > > I have most of this worked out but I intend to setup bind in a > multiple master manner. > > This makes me question a few things: > > 1. What can I use for the SOA MNAME? In the off chance a box may die, > I am thinking of using a VIP which contain

Re: bind 9 multiple masters setup

2011-01-12 Thread Emil Natan
On Wed, Jan 12, 2011 at 5:13 PM, dev null wrote: > Hello, > > I have most of this worked out but I intend to setup bind in a > multiple master manner. > > This makes me question a few things: > > 1. What can I use for the SOA MNAME? In the off chance a box may die, > I am thinking of using a VIP

Re: DNSSEC's sorted zone

2011-01-12 Thread Paul Wouters
On Wed, 12 Jan 2011, Mark Elkins wrote: dnssec-signzone -3 "abcd" -o example.com -p -t -A -d keyset -g -a -N increment -s 2011061553 -e 20110210161553 -f example.com.sign-1 example.com.signed A minute later - I run the same command - but output to a different file... -f example.com.sign-

DNSSEC's sorted zone

2011-01-12 Thread Mark Elkins
Still playing with DNSSEC and signing zones. I'm resigning an already signed zone. I'm doing this on a hyper-threaded 4-core i7 (Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz) which under linux gives me 8 cores. I'm using the command: dnssec-signzone -3 "abcd" -o example.com -p -t -A -d keyset -g -a

bind 9 multiple masters setup

2011-01-12 Thread dev null
Hello, I have most of this worked out but I intend to setup bind in a multiple master manner. This makes me question a few things: 1. What can I use for the SOA MNAME? In the off chance a box may die, I am thinking of using a VIP which contains the multiple masters within it. However I am not su

DNSSEC Keys - and trying to not leaving them around

2011-01-12 Thread Mark Elkins
There are some parts of Key management with DNSSEC that I don't quite get - so I'm hoping for some feedback. I'm using BIND 9.7.2-P3 and running "dnssec-signzone -3 "abcd" -o example.com -p -t -A example.com" I believe that:- 1 - The KSK is used to sign the ZSK. 2 - The ZSK is used to sign the re

Re: DNSKEY NODATA responses not cached

2011-01-12 Thread Alexander Gall
On Tue, 11 Jan 2011 18:46:39 +0100, Kalman Feher said: > I'm curious whether the domain in question had a DS in the parent zone? No, it didn't. The effect is there even if the parent zone does not support DNSSEC. I stumbled over this while I was checking whether my tools could properly handle