Re: DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread Pirawat WATANAPONGSE via bind-users
If my “understanding” of your desire is wrong, I do apologize for creating even more noise rather than answering it. I believe that your problem is only a matter of “semantics”: the “terms” used do not sync-up with the “meanings”. My best guess is that you want the “master copy & signing” of your

Re: DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread Peter
On Tue, Jan 17, 2023 at 05:28:57PM -0600, E R wrote: ! I am planning on implementing the current version of BIND to replace the ! aging, undocumented authoritative servers I inherited. I want to hide the ! primary server on our internal network and have two secondary servers be ! publicly availabl

Re: DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread Mark Andrews
> On 18 Jan 2023, at 10:55, Grant Taylor via bind-users > wrote: > > On 1/17/23 4:45 PM, Michael Richardson wrote: >> Many people do exactly that. > > Sorry, I don't see that as an answer to -- my understanding of -- the OP's > question of "Does the primary server that handles the DNSSEC du

Re: DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread Grant Taylor via bind-users
On 1/17/23 4:45 PM, Michael Richardson wrote: Many people do exactly that. Sorry, I don't see that as an answer to -- my understanding of -- the OP's question of "Does the primary server that handles the DNSSEC duties need to be not hidden / publicly accessible?" Specifically what many peop

Re: DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread Michael Richardson
E R wrote: > I am planning on implementing the current version of BIND to replace the > aging, undocumented authoritative servers I inherited. I want to hide the > primary server on our internal network and have two secondary servers be > publicly available. While reading the DN

DNSSEC With Primary Hidden - Clarifying Question from Documentation

2023-01-17 Thread E R
I am planning on implementing the current version of BIND to replace the aging, undocumented authoritative servers I inherited. I want to hide the primary server on our internal network and have two secondary servers be publicly available. While reading the DNSSEC Guide

[KASP] Key rollover

2023-01-17 Thread adrien sipasseuth
Hello, I put the management of DNSSEC with KASP, the zone is well functional. (dig with "AD" flag etc) On the other hand, I can't see when the key rollover period for my KSK is over (2 KSKs with a dig DNSKEY...) Without KASP, it was easy because I generated the second KSK key but with KASP, it i