Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

Gaurav Kansal writes: > I was wondering if HMAC* keys are not used for zone then why the same > is displayed when we use "dnssec-keygen -h". the tool "dnssec-keygen" can be used to create both "zone" keys (with "-n ZONE") for DNSSEC zone signing, and "host" keys (with "-n HOST") for TSIG signin

Re: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

On 3/6/14, 12:40 AM, Gaurav Kansal wrote: > I was wondering if HMAC* keys are not used for zone then why the same is > displayed when we use "dnssec-keygen -h" Because dnssec-keygen is used to generate more than just DNSSEC zone keys. AlanC signature.asc Description: OpenPGP digital signature

Re: Regarding zone trf from master to slave

Hi, > We want to have log of what entries has been changed in the master > (which is causing this zone transfer) at the time of zone transfer. Two options come to mind: 1) Log the output of 'dig -t ixfr=2014030501 example.org' occasionally, updating the serial to query for changes since the last

Re: Regarding zone trf from master to slave

Gaurav Kansal wrote: > > We are running slave services for our customers. > > We want to have log of what entries has been changed in the master (which is > causing this zone transfer) at the time of zone transfer. > > I want to know whether it is possible to have some sort of log generation > (ei

Regarding zone trf from master to slave

Dear Team, We are running slave services for our customers. We want to have log of what entries has been changed in the master (which is causing this zone transfer) at the time of zone transfer. I want to know whether it is possible to have some sort of log generation (either by using quer

RE: Regarding HMAC-SHA256 and RSASHA512 key generation algorithm in dnssec-keygen

HI Tony, Thanks for help. I was wondering if HMAC* keys are not used for zone then why the same is displayed when we use "dnssec-keygen -h". Regards, Gaurav Kansal -Original Message- From: Tony Finch [mailto:fa...@hermes.cam.ac.uk] On Behalf Of Tony Finch Sent: Monday, March 3

Re: Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND

On 05/03/14 15:15, Klaus Darilion wrote: > Does it only happen for IPv6 DNS requests? Maybe it is related to this: > https://open.nlnetlabs.nl/pipermail/nsd-users/2014-January/001783.html Or, less likely, this: http://marc.info/?l=linux-netdev&m=139352943109400&w=2 -- Marco ___

Re: Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND

Does it only happen for IPv6 DNS requests? Maybe it is related to this: https://open.nlnetlabs.nl/pipermail/nsd-users/2014-January/001783.html klaus On 05.03.2014 14:16, Kostas Zorbadelos wrote: Greetings to all, we operate an anycast caching resolving farm for our customer base, based on Cen

Sporadic but noticable SERVFAILs in specific nodes of an anycast resolving farm running BIND

Greetings to all, we operate an anycast caching resolving farm for our customer base, based on CentOS (6.4 or 6.5), BIND (9.9.2, 9.9.5 or the stock CentOS package BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1) and quagga (the stock CentOS package). The problem is that we have noticed sporadic but