> -Ursprüngliche Nachricht-
> Von: bind-users Im Auftrag von Carsten
...
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9 would
> report steps it would do because of "dnssec-policy", but will not execute the
> changes.
If this Bind9 is only a hidden primary, disable all
Matthijs Mekking wrote:
> As the main developer of dnssec-policy, I would like to confirm that
> what has been said by Michael and Nick are correct.
Cool.
> - When migrating to dnssec-policy, make sure the configuration matches
> your existing keys.
Is there a way to validate t
Hi Ondřej,
> On 27. Feb 2024, at 16:43, Ondřej Surý wrote:
>
> Carsten, could you please fill a feature request in the GitLab?
Done, #4606.
Greetings
Carsten
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this softwar
Hi Jim,
> On 27. Feb 2024, at 16:39, Jim P. via bind-users
> wrote:
>
> There should also be an option to display the current configuration in
> specific detail to easily create a new KASP (side question: why does DNS
> need a new acronym?)
The term “KASP” for “Key-and-signing-policy” has been
Carsten, could you please fill a feature request in the GitLab?
Thanks,
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 27. 2. 2024, at 16:06, Carsten Strotmann via bind-users
On Tue, 2024-02-27 at 16:06 +0100, Carsten Strotmann via bind-users
wrote:
> It would be nice to have a "dry-run" mode in BIND 9, where BIND 9
> would report steps it would do because of "dnssec-policy", but will
> not execute the changes.
**This** ^^^
There should also be an option to display th
Hi Matthijs,
On 27 Feb 2024, at 15:54, Matthijs Mekking wrote:
> - When migrating to dnssec-policy, make sure the configuration matches your
> existing keys.
the most problems I've seen so far have to do with this step: admins "think"
they have created a configuration that matches the current
As the main developer of dnssec-policy, I would like to confirm that
what has been said by Michael and Nick are correct.
I will repeat the most important takeaways:
- Setting the lifetime to unlimited on keys and BIND will never roll
your keys automatically.
- Most issues that were shared on
Hi,
Here is a (possibly) helpful guide that might be of use when migrating
from auto-dnssec to dnssec-policy:
https://kb.isc.org/docs/dnssec-key-and-signing-policy
Thank you,
Darren Ankney
On Tue, Feb 27, 2024 at 1:01 AM Nick Tait via bind-users
wrote:
>
> On 27/02/2024 13:22, Michael Sinatra w
9 matches
Mail list logo
