Re: Free secondary servers supporting DNSSEC?

https://puck.nether.net/dns/login -- Bryan S.G. On 17 February 2013 20:40, Robert Moskowitz wrote: > I hope to roll out my DNS upgrade today, but without enabling DNSSEC; that > will take a bit longer. > > One of my secondaries, though, does not support DNSSEC and it is the one > that gives me

Re: Requesting tips on setting TTLs so that expired RRSIG data doesn't stay in the zone

key-directory ""; inline-signing yes; auto-dnssec maintain; }; -- Bryan S.G. On Fri, Dec 14, 2012 at 6:53 PM, Phil Mayers wrote: > On 12/14/2012 10:48 AM, GS Bryan wrote: >> >> Reference: http://dnssec-debugger.verisignlabs.com/imouto.my >&g

Requesting tips on setting TTLs so that expired RRSIG data doesn't stay in the zone

Reference: http://dnssec-debugger.verisignlabs.com/imouto.my How to configure named (version BIND 9.9.2-P1-RedHat-9.9.2-2.P1.el5) so that expired RRSIG data doesn't stay in the zone? I heard it has omething to do with the TTL of the zone (the expiry timer in that zone's SOA). The named.conf has th

Re: Problem with ACL in named.conf

My BIND version, as shown by 'named -v' is BIND 9.9.1-P1-RedHat-9.9.1-2.P1.el6. 'named-checkconf /etc/named.conf' doesn't throw any error messages whatsoever. -- Bryan S.G. On Thu, Aug 30, 2012 at 9:59 AM, Jeremy C. Reed wrote: > On Thu, 30 Aug 2012, GS Bryan wro

Re: Problem with ACL in named.conf

23, and 22.22.22.224 right? -- Bryan S.G. On Thu, Aug 30, 2012 at 9:42 AM, Doug Barton wrote: > On 08/29/2012 03:25 PM, GS Bryan wrote: >> Then when I put the 'alladdr' thing in my 'allow-transfer' and >> 'also-notify' arguments, > > also-notify d

Problem with ACL in named.conf

I tried to use the acl statement in my named.conf file, but I have a hard time making it work. In my named.conf file, I've put these acl statements in these formats (made up IP addresses mind you):- -- // Individual ACL list acl addr1 { 11.22.33.44; 12.23.34.45; }; acl ad

Re: rndc signing -nsec3param

On Sun, Aug 12, 2012 at 2:15 AM, Nate Itkin wrote: > On Sun, Aug 12, 2012 at 01:17:11AM +0800, GS Bryan wrote: >> How to exactly use the 'rndc signing -nsec3param' command? >> The usage seems to be 'rndc signing -nsec3param > name>', but even the ARM do

rndc signing -nsec3param

How to exactly use the 'rndc signing -nsec3param' command? The usage seems to be 'rndc signing -nsec3param ', but even the ARM doesn't say anything about what exactly looks like. But from what I've glean from Uncle Google, an example command that looks like this: 'rndc signing -nsec3param 1 0 1

Re: DS record TTL question.

sey Deccio writes: >> >> On Wed, Aug 8, 2012 at 9:36 AM, GS Bryan wrote: >> >> > My question is how can I control the TTL of the DS record inserted into a >> > signed zone via inline signing? I'm using BIND 9.9.1 P2. >> > >> > My zone file

DS record TTL question.

My question is how can I control the TTL of the DS record inserted into a signed zone via inline signing? I'm using BIND 9.9.1 P2. My zone file has a default TTL of 3600 a.k.a. 1 hour, but it seems the 2 DS records put into the signed version of the zone has the TTL of 1 day. I would like that the