> Can you share a bit about why you want to get out of using
> opendnssec/openhsm?
i need bind bitw for other zones. so two methods, one with a lot of
moving parts, ...
> I would regard this as an opportunity to test key rollover with your
> parent zone :-)
i have plenty of bullets and only two
Can you share a bit about why you want to get out of using
opendnssec/openhsm?
I would regard this as an opportunity to test key rollover with your parent
zone :-)
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works
On Thu, Jan 26, 2023 at 3:26 AM duluxoz wrote:
>
> Hi All,
>
> Sorry for asking what is almost certainly a "noob" question, but I'm
> seeing a lot of "lame-servers: info: no valid RRSIG resolving
> './NS/IN':" messages in our auth_servers.log for the DNS Root Servers'
> IPv4 addresses. Is this nor
>> is there a known hack to extract keys from opendnssec/openhsm to use for
>> bind bitw inline-signing?
>
> Assuming you mean SoftHSM
sorry, my bad. first cuppa.
> I don't think so, at least not when using its default settings. (That
> is one of the main features of an HSM -- to keep the keys
What is possible is to have BIND use PKCS#11 to use the keys stored in SoftHSM.
I should have added that a key rollover is possible from one to another. The
basic idea is to create new keypairs in BIND (dnssec-keygen) and then import
them key into SoftHSM for a rollover in OpenDNSSEC. Once that
is there a known hack to extract keys from opendnssec/openhsm to use for
bind bitw inline-signing?
Assuming you mean SoftHSM (i/o openhsm), no, I don't think so, at least not
when using its default settings. (That is one of the main features of an HSM --
to keep the keys safe -- although there a
Hi,
Yes, it is.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 27. 1. 2023, at 19:07, Elias Pereira wrote:
>
>
> hi,
>
> Is this docker image official?
>
> https
hi,
Is this docker image official?
https://hub.docker.com/r/internetsystemsconsortium/bind9
--
Elias Pereira
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at htt
is there a known hack to extract keys from opendnssec/openhsm to use for
bind bitw inline-signing?
randy
Hi Vladimir,
I bet it is something about stork looking for the named.conf file in a
specific location, but you may want to resend your message to stork-users:
https://lists.isc.org/mailman/listinfo/stork-users
Best regards,
Matthijs
On 1/27/23 13:51, Vladimir Nikolic via bind-users wrote:
Hi,
Looks like stork agent doesn't work in a named chroot environment.
On one of my systems, it complains about non-existing config file:
stork-agent[129190]: time="2023-01-27 04:47:07" level="warning"
msg="cannot parse BIND 9 config file /etc/named.conf: exit status 1;
/etc/named.conf:8: open
> On 27. 1. 2023, at 1:49, John Thurston wrote:
> And now when I study my xfer.log more closely, the behavior changed this
> morning when I completed the update from 9.18.10 -> 9.18.11
> I'm not yet ready to revert, because this isn't affecting my business (this
> is a really small zone). Is a
Hi John.
Personally, I would start by drawing a picture (I like pictures) of all the
players in the game and gathering data, leaving nothing out, including:
- All servers, with all IP addresses.
- SOA and NS records of working zones and the troublesome RPZ zone.
- Which servers are author