Re: Automatic Key Management

2017-09-14 Thread Tony Finch
Mark Elkins wrote: > With BIND version 9.12  coming out - I'm wondering if I've missed any > announcements on some form of Automatic (DNS)Key Management? > Something that will create and retire keys according to some sort of policy. See dnssec-keymgr (new in 9.11) which will automate ZSK managem

Automatic Key Management

2017-09-14 Thread Mark Elkins
With BIND version 9.12  coming out - I'm wondering if I've missed any announcements on some form of Automatic (DNS)Key Management? Something that will create and retire keys according to some sort of policy. Does anyone have nice and up-to-date cheat sheets of the easiest way to do DNSSEC with BIN

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Reindl Harald
Am 14.09.2017 um 14:40 schrieb Alan Clegg: On 9/14/17 8:35 AM, Reindl Harald wrote: so that it doesn't matter whether you have the trailing . or not. Downside, of course, is that you have to repeat your domain name about a gazillion times. scripting is the better answer Dynamic zones is

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Alan Clegg
On 9/14/17 8:35 AM, Reindl Harald wrote: >> so that it doesn't matter whether you have the trailing . or not. >> >> Downside, of course, is that you have to repeat your domain name about a >> gazillion times. > > scripting is the better answer Dynamic zones is the better, better answer. 8-) H

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Reindl Harald
Am 14.09.2017 um 14:21 schrieb Tony Finch: Mukund Sivaraman wrote: Missing a trailing period(.) Here's a fun trick to avoid making this mistake: use FQDNs everywhere in the zone file, and use the directive $ORIGIN . so that it doesn't matter whether you have the trailing . or not

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Tony Finch
Mukund Sivaraman wrote: > > Missing a trailing period(.) Here's a fun trick to avoid making this mistake: use FQDNs everywhere in the zone file, and use the directive $ORIGIN . so that it doesn't matter whether you have the trailing . or not. Downside, of course, is that you have to re

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Mark Andrews
Please read the error message *carefully*. ns1.mail.lab.example.com.lab.example.com != ns1.mail.lab.example.com. You are missing a terminating period on the MX record. Mark In message , Harshith Mulky writes: > Hello Experts, > > > Whats wrong with my second $ORIGIN here: > > > $ORIGIN lab.exa

Re: What is wrong with my second $ORIGIN

2017-09-14 Thread Mukund Sivaraman
On Thu, Sep 14, 2017 at 07:02:52AM +, Harshith Mulky wrote: > Whats wrong with my second $ORIGIN here: > > > $ORIGIN lab.example.com. > $TTL 1d > @ IN SOA colombo root.lab.example.com. ( > 2003022720 ; Serial >

What is wrong with my second $ORIGIN

2017-09-14 Thread Harshith Mulky
Hello Experts, Whats wrong with my second $ORIGIN here: $ORIGIN lab.example.com. $TTL 1d @ IN SOA colombo root.lab.example.com. ( 2003022720 ; Serial 56800 ; Refresh