Re: A few conceptual question about dnssec.

2012-03-02 Thread dE .
On 03/03/12 12:47, dE . wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? -- You will always get 2 DS Records in response. One for SHA-1 and se

Re: A few conceptual question about dnssec.

2012-03-02 Thread dE .
On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? -- You will always get 2 DS Records in response. One for SHA-1 and second for SHA-256. I was read

Re: BIND 9.9.0 Inline-Signing Out of Control

2012-03-02 Thread Mark Andrews
Just let it complete signing the zone. This is done incrementally. sig-signing-nodes ; sig-signing-signatures ; These control the number of nodes processed and signatures generated per increment. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2

BIND 9.9.0 Inline-Signing Out of Control

2012-03-02 Thread David Kreindler
When BIND 9.9.0 was released, we started converting our DNSSEC-signed zones to inline signing. Everything went smoothly with all but one of our zones ("pesky.zone", below). With that zone, after named signed it and completed an AXFR-style IXFR to each of four slaves, it proceeded to start repea

RE: RFC 6303 and bind 9.9.0

2012-03-02 Thread Spain, Dr. Jeffry A.
> Didn't the answer to the NS query include the addresses in the Additional > Section? It does when I perform the query manually. It gets cut off with > the default packet size, but if EDNS0 is used it will include them all. The addresses are included in the additional section. Missed that ear

Re: BIND 9.9.0 is now available

2012-03-02 Thread Evan Hunt
On Fri, Mar 02, 2012 at 11:13:06AM +0100, Matus UHLAR - fantomas wrote: > > NXDOMAIN redirection is now possible. This enables a resolver > > to respond to a client with locally-configured information > > when a query would otherwise have gotten an answer of "no > > such domain". This allows a

Re: RFC 6303 and bind 9.9.0

2012-03-02 Thread Barry Margolin
In article , "Spain, Dr. Jeffry A." wrote: > >> No, it requires a rebuild after changing lib/dns/rootns.c. But using a > >> mildly out-of-date hints file is usually harmless - it is only a *hint*. > > > Right. One of the first things BIND does after starting up is query one of > > the root se

Re: BIND 9.9.0 is now available

2012-03-02 Thread Bill Owens
On Fri, Mar 02, 2012 at 11:13:06AM +0100, Matus UHLAR - fantomas wrote: > On 29.02.12 17:53, Michael McNally wrote: > > NXDOMAIN redirection is now possible. This enables a resolver > > to respond to a client with locally-configured information > > when a query would otherwise have gotten an ans

Re: BIND 9.9.0 is now available

2012-03-02 Thread Phil Mayers
On 02/03/12 10:13, Matus UHLAR - fantomas wrote: On 29.02.12 17:53, Michael McNally wrote: NXDOMAIN redirection is now possible. This enables a resolver to respond to a client with locally-configured information when a query would otherwise have gotten an answer of "no such domain". This allows

RE: RFC 6303 and bind 9.9.0

2012-03-02 Thread Spain, Dr. Jeffry A.
>> No, it requires a rebuild after changing lib/dns/rootns.c. But using a >> mildly out-of-date hints file is usually harmless - it is only a *hint*. > Right. One of the first things BIND does after starting up is query one of > the root servers to get the current set of root servers. Thanks. T

RE: RFC 6303 and bind 9.9.0

2012-03-02 Thread Tony Finch
Spain, Dr. Jeffry A. wrote: > > Would you please elaborate on how you are managing your bogon-related > empty zones. I have bogon declarations and empty zones for all the ranges listed in RFC 5735 except 224.0.0.0/4 which only has a bogon declaration. (The multicast addresses shouldn't be used fo

RE: RFC 6303 and bind 9.9.0

2012-03-02 Thread Spain, Dr. Jeffry A.
>> If the root hints are updated on ftp://rs.internic.net/domain/, would >> it require a new build of bind to incorporate them, or is bind able to >> update its built-in root hints by some other means? > No, it requires a rebuild after changing lib/dns/rootns.c. But using a mildly > out-of-date

Re: BIND 9.9.0 is now available

2012-03-02 Thread Matus UHLAR - fantomas
On 29.02.12 17:53, Michael McNally wrote: NXDOMAIN redirection is now possible. This enables a resolver to respond to a client with locally-configured information when a query would otherwise have gotten an answer of "no such domain". This allows a recursive nameserver to provide altern