Hi Andrew!
DNSSEC is more costly: more Resource Records to hold on disk, to hold in
memory and more queries and more IP traffic. If the DNSSEC signing is also done
by the DNS provider there would be additional resources for the signing
service and risks when doing something wrong.
For a sing
On 2022 Apr 12, at 18:25, @lbutlr wrote:
>
> My secondary DNS server (bind916-9-16-27) is reporting:
>
> managed-keys-zone: Failed to create fetch for DNSKEY update
Named.conf relevant settings (I think) are:
recursion yes;
allow-query { any; };
allow-recursion { 127.0.
On 14 Apr 2022, at 13:22, Matthijs Mekking wrote:
these records may also stay in the zone. BIND chooses to keep them in
the zone
Thanks, Matthijs. That fills the gap for me.
Niall
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the developm
Greetings, all.
I had a surprise on the bill from my secondary DNS provider after I turned on
DNSSEC. The number of record queries on my domains increased by a factor of
about 5, compared to the number of record queries when I didn't have DNSSEC. Is
this normal for DNSSEC? It's been a consisten
Hi Niall,
On 14-04-2022 13:59, Niall O'Reilly wrote:
Hi.
Clue needed, please.
I’ve managed to migrate a number of zones from cron-driven signing
using homegrown scripts to automatic management by named, while
retaining the respective original KSK for each.
Following migration, ZSK:s have been
Hi.
Clue needed, please.
I’ve managed to migrate a number of zones from cron-driven signing
using homegrown scripts to automatic management by named, while
retaining the respective original KSK for each.
Following migration, ZSK:s have been replaced as might be expected,
since the keys were shor
6 matches