[ Quoting at 14:33 on Mar 7 in "RE: fermat primes
an..." ]
> > Its not about integer overflow, it's about the fact that F5 does not add to
> > the security, but does use up a lot of CPU cycles.
>
> I'd like to study this issue more. Would you please provide a reference that
> discusses your a
[ Quoting at 04:07 on Mar 7 in "RE: fermat primes
an..." ]
> > I would recommend that dnssec-keygen starts ignoring the "-e" parameter
> > that everyone has put in their scripts to prevent exponent 3 keys, who are
> > not getting keys with exponent 4294967296 + 1 (F5)
>
> > Alternatively, if
nd there isn't.
Where is this specified? The closest I can find is 1035, but it
only says:
( ) Parentheses are used to group data that crosses a line
boundary. In effect, line terminations are not
recognized within pare
> > In other words: is the space significant in the second example?
>
> no.
Ok, that's in line with RFC 1035. But I'm confused now, if that space is
not significant, BIND should be able to correctly parse the HIP record
as emailed before (and not try
[ Quoting at 07:09 on Feb 20 in "Re: HIP record..." ]
> Both records are malformed. Remove the whitespace from the public key.
>
>The Public Key field is represented as the Base64 encoding [RFC4648]
>of the public key. The encoding MUST NOT contain whitespace(s) to
>distinguish it f
Hello,
While playing with the HIP record I wanted to place some test records
in a zone. I used the examples from RFC 5205 (Section 6.).
;; Tests
t IN HIP ( 2 200100107B1A74DF365639CC39F1D578
AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p
9+LrV4e19Wz
[ Quoting at 00:36 on Feb 18 in "RE: A few
conceptual..." ]
> Firstly, where do we get the public key for the DS records?
>
> Can you clarify your question???
>
>
>
> Second, why do I get multiple DS records as response? –
>
> You will always get a 2 DS Records in response. One for SHA-1 and
[ Quoting at 22:53 on Feb 14 in "Query Regarding
NSEC..." ]
> Dear Team,
>
> We have a Authenticated Response in DNSSEC through trust chain.
>
> Now my question is why we itself need a NSEC when we get response from DNSSEC
> enabled server authentically.
>
>
>
> Means, if a Record exist in
[ Quoting at 23:10 on Feb 12 in "dig -- only RRSIG pr..."
]
> I'm trying to see DNSSEC response of various sites; my DNS server is
> 8.8.8.8 (google's public DNS service)
Google's public resolvers don't handle DNSSEC very well...
grtz Miek
signature.asc
Description: Digital signature
[ Quoting at 13:32 on Feb 6 in "Re: bind crash with ..." ]
> >needed to go in production. (Sadly bind bugs aren't searchable on the
> >internet).
> >
> >So to work around this I thought: kill the SOA timers (messing with the
> >zone is not an option) and only use notifies. But then bind crashes :
[ Quoting at 10:50 on Feb 3 in "Re: bind crash with ..." ]
> >Does this also stop a slave from checking when it receives a
> >notify? The documentation isn't clear on that.
>
> configure master not to send notifies then. Alternatively, you can
> deny notifies from master. But the first Mark's qu
[ Quoting at 11:10 on Feb 3 in "Re: bind crash with ..." ]
> > I'm using the following settings in named.conf:
> >
> > max-refresh-time 0;
> > min-refresh-time 0;
> > max-retry-time 0;
> > min-retry-time 0;
> > multi-master yes;
>
> What are you trying to achieve? A slave it needs to check tha
Hello,
I'm using the following settings in named.conf:
max-refresh-time 0;
min-refresh-time 0;
max-retry-time 0;
min-retry-time 0;
multi-master yes;
Seems that BIND (9.7.3-something and 9.7.4-p1 tested) does not
like this:
Feb 2 15:33:39 ns01 named[24249]: adjusted limit on open files from 102
13 matches
Mail list logo
