On Wed, Oct 05, 2011 at 12:22:58AM -0700, Stephane Bortzmeyer wrote:
> Not true. For every problem reported by the tool, I contacted the
> managers of the domain, both to report they have an issue and to ask
> them what system they were using. So, I'm pretty confident that
> OpenDNSSEC had no suc
In message , Raymond Drew Walker writes:
> -Original Message-
>
> From: Tony Finch
> Date: Tue, 4 Oct 2011 20:30:43 +0100
> To: Raymond Walker
> Cc: "bind-users@lists.isc.org"
> Subject: Re: DNSSEC not populating parent zone files with DS records
>
> >Raymond Drew Walker wrote:
> >
>
-Original Message-
From: Tony Finch
Date: Tue, 4 Oct 2011 20:30:43 +0100
To: Raymond Walker
Cc: "bind-users@lists.isc.org"
Subject: Re: DNSSEC not populating parent zone files with DS records
>Raymond Drew Walker wrote:
>
>> In testing, this pipe sets up the following for nsupdate whi
On 10/4/11 3:49 PM, "Paul B. Henson" wrote:
> dnssec is fairly complicated, and the issue of timing can be complex,
> but once the variables are determined then the actual procedures of
> implementation are pretty simple. Generate keys with appropriate
> publication, activation, inactivation, and
On 10/5/2011 5:21 AM, Sergio Charpinel Jr. wrote:
> After supplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works. If I disable dnssec in my
> recursive server, it also works.
> So, if a zone is not signed properly (or doesn't have DS records) the
> query
Sergio Charpinel Jr. wrote:
>
> After supplying DS and the respective NS record for subdomain in the
> parent zone (domain.com), it works.
That sounds like you had no delegation RRs in the parent zone. In that
case the parent zone will contain a secure denial of existence of the
child zone. If you
On 04/10/11 21:38, Job wrote:
> Hello,
>
> everything is fine, i patched the source tree!
>
> Thank you, regards!
>
> Francesco
Whose source tree?
Is the patch something that would be useful/appropriate to share here?
Regards,
Cathy
After supplying NS's and DS in the parent zone,
is that parent zone properly re-signed? (to generate NSEC(3) and RRSIG's)
If you ask your validating caching name server for the DS of domain.com.
do you get a proper reply with AD bit set?
If you ask your validating caching name server for the DS
Marc,
After supplying DS and the respective NS record for subdomain in the
parent zone (domain.com), it works. If I disable dnssec in my
recursive server, it also works.
So, if a zone is not signed properly (or doesn't have DS records) the
query will fail? Isn't it better to query those misconfigur
Hello,
You do not provide sufficient data for a diagnosis!
But it seems to me that bind is not complaining about the DS of
subdomain.domain.com.
but rather about a
"missing RRSIG for a NSEC when fetching DS of domain.com."
Admittedly, log messages could be somewhat more user-friendly,
but I'd check
Hi,
Dig returns SERVFAIL while trying to resolve a dnssec enabled zone
without DS record in parent zone. For example, I have these two DNSSEC
enabled zones:
domain.com
subdomain.domain.com
domain.com zone has NO DS record for subdomain.domain.com zone, and
subdomain.domain.com has an A record fo
On 05.10.2011 12:58, Roberto Bosticardo wrote:
> If you ask a resolver/cache server running named the resolution of name
> "www.myspace.fr" it returns (SERVFAIL), if you ask the same to a
> dnscache server it correctly resolves to the ip address.
BIND doesn't like NS records resolving to CNAMEs:
Hi all,
I have a problem with named (both bind9.3 and bind9.7) and resolution of
"www.myspace.fr";
the problem is not present in dnscache (of djbdns suite) or asking
resolution to google public dns (they run a Google implementation of dns
protocol).
If you ask a resolver/cache server running
On Tue, Oct 04, 2011 at 03:49:25PM -0700,
Paul B. Henson wrote
a message of 40 lines which said:
> Other than knowing a given domain had an issue, you have no idea
> what caused it, or what tool they may have been using, and it is
> only an assumption that the issue arose from a custom program