> Is automatic signing with ECDSA supposed to work yet?
If you linked with an openssl that supports it (which you must have,
or dnssec-signzone wouldn't have worked) then yes, automatic signing
should work too. (If you don't mind, can you send this to
bind9-b...@isc.org? Or I could forward it f
kevin wrote on 08/15/2012 12:52:18 PM:
> I don't believe SRV lookups use the "search" directive in /etc/
> resolv.conf; I think that's only for A (name-to-address) lookups.
> But I could be wrong on that...
Using host I was able to do a search for _sip._tcp for the search domain
on my system (d
Is automatic signing with ECDSA supposed to work yet? I ran:
$ dnssec-keygen -a ECDSAP256SHA256 -f KSK fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+03356
$ dnssec-keygen -a ECDSAP256SHA256 fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+63927
$ chmod g+r K*
$ rndc loadkeys fa
that's how I understand it also. This DNS query is happening before the
SCSCF would issue an ENUM. I believe it would eventually do this but the
purpose of this dns query is to find the SIP entry point (icscf) into a
domain for the call.
I think this is either a config issue on my end or a bug. T
I don't believe SRV lookups use the "search" directive in
/etc/resolv.conf; I think that's only for A (name-to-address) lookups.
But I could be wrong on that...
It all comes back to: the client should know what domain contains the
resources it's looking for. There's fundamentally no such thing
That's what I tried to tell the OpenIMS folks. I have search mydomain
in/etc/resolv but somehow they aren't adding mydomain to the query. This
only happens when the PCSCF tries to find the ICSCF after receiving a SIP
invite with a TEL uri which by definition has no domain since it's in the
pstn.
There's no point in answering a "domain-less" SRV-record query, since
the whole point of the SRV record type is to allow clients to find
resources associated with a particular domain (and protocol/transport).
You need to set the proper domain on the client doing the lookup.
- Kevin
In message
, Thomas Secula writes:
>
> Hello,
>
> I hope this is the right list.. I am using bind 9.8.2on centos 6 with a
> system called openims. I am trying to get my bind server to respond to an
> SRV query of _sip._udp where the query has no domain.
_sip._udp *is* a domain name. I
On 15/08/12 15:42, Thomas Secula wrote:
Hello,
I hope this is the right list.. I am using bind 9.8.2on centos 6 with a
system called openims. I am trying to get my bind server to respond to
an SRV query of _sip._udp where the query has no domain.
Yuck. That's horrible. Are you *sure* that's wh
Hello,
I hope this is the right list.. I am using bind 9.8.2on centos 6 with a
system called openims. I am trying to get my bind server to respond to an
SRV query of _sip._udp where the query has no domain. I am told by the
openims folks that I should be able to get my bind to respond but I have
b
Playing around with dnssec-verify:
$ dig axfr dotat.at | dnssec-verify -o dotat.at /dev/stdin
Loading zone 'dotat.at' from file '/dev/stdin'
Verifying the zone using the following algorithms: RSASHA1.
Zone fully signed:
Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
11 matches
Mail list logo
