DNSSEC book reviewers wanted

2013-02-20 Thread Michael W. Lucas
work here. Thanks, ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e coupon code "ILUVMICHAE

Re: private trust anchor

2013-02-10 Thread Michael W. Lucas
On Sun, Feb 10, 2013 at 11:26:27PM +, Evan Hunt wrote: > On Sun, Feb 10, 2013 at 05:57:42PM -0500, Michael W. Lucas wrote: > > Is there a way to set up a private trust anchor for internal-only > > zones with BIND 9.9? > > > > I have some local and RFC1918 zones

private trust anchor

2013-02-10 Thread Michael W. Lucas
aft-jabley-dnssec-trust-anchor-06, which has great gobs of theory, but nothing on how to actually do this with BIND. Has anyone done this? Or is this just daft? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Ma

Re: key rollover with BIND 9.9

2013-01-26 Thread Michael W. Lucas
On Sat, Jan 26, 2013 at 10:49:39AM +0100, Axel Rau wrote: > > Am 26.01.2013 um 00:39 schrieb Michael W. Lucas: > It's your responsibility to create the keys and to renew the DS-RR with your > registrar. Thank you for the straightforward answer. > I have written a python3 s

key rollover with BIND 9.9

2013-01-25 Thread Michael W. Lucas
e other document I need to read? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery mwlu...@michaelwlucas.com, Twitter @mwlauthor __

Re: set directory for "auto" key files

2013-01-07 Thread Michael W. Lucas
; > One slight niggling disadvantage is that you can't tell > named-checkzone / named-compilezone with the -j option where > to find the journal is it isn't in the default location. > > -- > Chris Thompson > Email: c...@cam.ac.uk > _

set directory for "auto" key files

2013-01-07 Thread Michael W. Lucas
ry structure and stuff it under the working directory. Yet I'd really like to use auto DNSSec and DLV. Or am I just asking for too much? Thanks, ==ml -- Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/ Latest book: SSH Mastery http://w

Re: trying DNSSEC with 9.9-rc1

2012-02-01 Thread Michael W. Lucas
ther good tests for your DNSSEC-enabled zones are at > http://dnsviz.net/ and http://dnssec-debugger.verisignlabs.com/. > > Jeffry A. Spain > Network Administrator > Cincinnati Country Day School > Thanks for your advice! This gave me everything I needed. After in

trying DNSSEC with 9.9-rc1

2012-02-01 Thread Michael W. Lucas
SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Wed Feb 1 17:12:21 2012 ;; MSG SIZE rcvd: 116 My understanding is that once I get this to work, I use $ dnssec-dsfromkey -2 Ktransnetworks.net. and give that to my registrar. Any suggestions, folks? What am I not understanding? Thanks, ==ml --