Re: dnssec config sanity check

2011-10-03 Thread Stephane Bortzmeyer
On Mon, Oct 03, 2011 at 05:32:18PM -0700, Paul B. Henson wrote a message of 59 lines which said: > Our zone data is maintained in a revision control repository; when > changes are made there is a process that generates a bind format > zone file from the data, checks it for syntax errors, compi

Re: dnssec config sanity check

2011-10-03 Thread Mark Andrews
In message <4e8a5412.7050...@acm.org>, "Paul B. Henson" writes: > We are getting ready to deploy dnssec, and I'd appreciate a quick sanity > check on our configuration and key timings to make sure I didn't miss > anything that would cause things to blow up ;). > > Our zone data is maintained in

dnssec config sanity check

2011-10-03 Thread Paul B. Henson
We are getting ready to deploy dnssec, and I'd appreciate a quick sanity check on our configuration and key timings to make sure I didn't miss anything that would cause things to blow up ;). Our zone data is maintained in a revision control repository; when changes are made there is a process

Re: NXDOMAIN redirection in BIND 9.9

2011-10-03 Thread Matus UHLAR - fantomas
On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote: "We came to the conclusion that no matter how much we wanted it to not be true, people find a way to do NXDOMAIN if they want to. The issue is not ours to push, it's between the ISP and the customer ultimately, and people will do it -- and more intrus

Bind DLZ and Postgres 8.4.8

2011-10-03 Thread Job
Hello, following the excellent guide of Jan Pit Mens, I have integrated Bind 9.8.1 DLZ with Mysql 5.x DB; everything is fine and fantastic. I cannot use the Postgresql 8.4.8 backend; named starts correctly but, when the first nslookup query takes place, named crashes with this dump: --

Re: "auto-dnssec maintain" stoped working again...

2011-10-03 Thread Mark Andrews
In message <20111003132508.GL11782@michelle1>, Michelle Konzack writes: > Hello Mark Andrews, > > On 2011-10-03 20:16:33, you hacked out the following: > > No. It looks completely wrong. Someone/something has re-named the K* files. > > As the K* files have been renamed named can't find the

Re: DNSSEC not populating parent zone files with DS records

2011-10-03 Thread Tony Finch
Michael Sinatra wrote: > > There are ways of getting the DS records into the zone(s). Here are some > steps that I took on some test zones: Alternatively, set "update-policy local;" on your parent zone and use this little pipeline on the master server. Substitute $parent and $child as necessary:

Re: ZSK pre-publish

2011-10-03 Thread Matthew Seaman
On 03/10/2011 13:45, Torinthiel wrote: > On 2011-10-01 11:40, Matthew Seaman wrote: >> dnssec-signzone will grok all the built-in dates and do the right thing >> when you sign the zone. > BTW, how does dnssec-signzone behave when you pass -s option? Does it > take into account that date when dete

Re: "auto-dnssec maintain" stoped working again...

2011-10-03 Thread Alan Clegg
On 10/3/2011 6:25 AM, Michelle Konzack wrote: > Hello Mark Andrews, > > On 2011-10-03 20:16:33, you hacked out the following: >> No. It looks completely wrong. Someone/something has re-named the K* files. >> As the K* files have been renamed named can't find them. > > No, they are found correc

Re: DNSSEC not populating parent zone files with DS records

2011-10-03 Thread Tony Finch
Bill Owens wrote: > > However, in this case I believe your problem is the lack of NS records > in nau.edu for extended.nau.edu. It's difficult to know for sure, but it > appears that the only signature for the NS RRSET is using the ZSK for > extended.nau.edu, not the ZSK for nau.edu. This is norm

Re: "auto-dnssec maintain" stoped working again...

2011-10-03 Thread Michelle Konzack
Hello Mark Andrews, On 2011-10-03 20:16:33, you hacked out the following: > No. It looks completely wrong. Someone/something has re-named the K* files. > As the K* files have been renamed named can't find them. No, they are found correctly. Here is an extract (non-relevant data stripped): [

Re: ZSK pre-publish

2011-10-03 Thread Torinthiel
On 2011-10-01 11:40, Matthew Seaman wrote: The trick is to use dnssec-settime to modify the dates built into your key by dnssec-keygen. Or equivalently to use dnssec-keygen with appropriate flags to set the 'Activate' date (not to mention Inactive and Delete) some time in the future. So --- this

Re: Basic Setting up request

2011-10-03 Thread Stephane Bortzmeyer
On Sun, Oct 02, 2011 at 07:57:10PM +1100, Leon Moya wrote a message of 40 lines which said: > I'd now like (with help) to add resolution for an internal Apache > WebServer, used for developing and testing web pages prior to > FTP'ing to the Internet Host. The webserver is configured for a half

Re: "auto-dnssec maintain" stoped working again...

2011-10-03 Thread Mark Andrews
In message <20111002161255.GG11782@michelle1>, Michelle Konzack writes: > Hello Hauke Lampe, > > On 2011-10-01 02:02:56, you hacked out the following: > > Do you mean expired signatures or no signatures at all? > > I have expired signatures... > > > In the latter case, have you checked that t