> to change RRSIG values.
webmin module provide correct support to resignzone
thanks also to automatic resign
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://urlshort.eu fakessh @
pgpdF2sY8w6Ua.pgp
Descrip
Le vendredi 22 avril 2011 04:20, Security Admin (NetSec) a écrit :
> I am running BIND 9.4.2-P2 on OpenBSD v4.8
>
> I have created the ZSK and KSK and added the keys to my zonefile
> "mydomain.hosts" using the "cat" command to append to the end of the host
> file.
>
> When attempting to use the fo
the implementation of resolution dnssec for the bind dns dry this
natively in the distribution centos 5.5 is feasible
try a simple config
Le vendredi 08 avril 2011 à 18:38 +0200, fddi a écrit :
> Hello,
> I was trying to add DLZ support to bind on CentOS 5.5 so it's
> bind-9.3.6-4.P1.el5_5
>
>
the result of debug is good and isc is good
Le mercredi 06 avril 2011 à 00:55 +0200, fakessh @ a écrit :
> hello bind guru
>
> I realized that you could mix dns seconday with or without dnssec is
> possible
>
> the script of the isc answers simply a warni
hello bind guru
I realized that you could mix dns seconday with or without dnssec is
possible
the script of the isc answers simply a warning to be validated
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
signature.asc
Descriptio
it is, I'm coming I do not understand the need to recreate and validate
the file keyset-en ... I then recreate a good record with the key in
this file and my past signatures are good. I did not understand
correctly the operation of dlv
keyset files and I recreated downgrade bind to the stable
dns appear as my syncro.
yet I'm still at the same point
missing keys
Le lundi 28 mars 2011 à 00:45 +0200, fakessh @ a écrit :
> I removed the dns that does not support dnssec
>
> Now it is necessary to wait a day or two
>
> Le dimanche 27 mars 2011 à 20:58 +0200, Torinth
I removed the dns that does not support dnssec
Now it is necessary to wait a day or two
Le dimanche 27 mars 2011 à 20:58 +0200, Torinthiel a écrit :
> On 03/27/11 20:45, fakessh @ wrote:
> > That would be the key with id 47103 in your case. The one that has SEP
> > flag, the one
EN: Sun Mar 27 20:35:15 2011
;; MSG SIZE rcvd: 40
it seems there is no deposit in dlv isc but I can not validate my own
I have the answer about the DS field. ovh do not want to do and they say RTFM
and desmerdevous
and i requote
how to do this ... the SEP record
Le dimanche 27 mars 2011
in insurance I googled
no result
how to do this ...
nb : i reajust my blog immediately
Le lundi 28 mars 2011 à 03:43 +1100, Mark Andrews a écrit :
> In message <1301241108.12273.192.camel@localhost.localdomain>, "fakessh @"
> writ
> es:
> > i use the key
>
/vwwMCTgNboMQKtUdvNXDrYJDSHZws3x
iRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh
and the other key include in the tarvall of bind
Le dimanche 27 mars 2011 à 14:59 +1100, Mark Andrews a écrit :
> Mark Andrews writes:
> >
> > In message <1301008426.12273.115.camel@localhost.localdomain>
Le vendredi 25 mars 2011 à 09:24 +1100, Mark Andrews a écrit :
> In message <1301004136.12273.106.camel@localhost.localdomain>, "fakessh @"
> writes:
> > Le vendredi 25 mars 2011 =C3=A0 08:24 +1100, Mark Andrews a =C3=A9crit :
> > > In message <1300993
http://secspider.cs.ucla.edu/fakessh-eu--dnskey.txt
this page indicate a DSA algorhtyme
it's my old algorthyme
new is RSA
Le vendredi 25 mars 2011 à 01:25 +0100, fakessh @ a écrit :
> I did click Click ManageZones
> Click on (details)
> Click under More (more)
> performance te
73.115.camel@localhost.localdomain>, "fakessh @"
> writes:
> > it is 6 months since I used no worries dlv
>
> What keys do you have recorded with dlv.isc.org?
> Do they match what you currently have in the zone?
>
> Click on ManageZones
> Click on (details)
&
it is 6 months since I used no worries dlv
Le jeudi 24 mars 2011 à 23:21 +0100, fakessh @ a écrit :
> everything worked just fine until I change the key rdnc. ns in my side
> and only ns1.novacrea.fr ns1.xname.org are valid for dnssec
>
>
> Le jeudi 24 mars 2011 à 23:02 +01
the DS it is necessary that I contact OVH.
in the DLV conserne my problem I have this same recurring errors in the
script of the isc
that's my problem
Le vendredi 25 mars 2011 à 09:24 +1100, Mark Andrews a écrit :
> In message <1301004136.12273.106.camel@localhost.localdomain
everything worked just fine until I change the key rdnc. ns in my side
and only ns1.novacrea.fr ns1.xname.org are valid for dnssec
Le jeudi 24 mars 2011 à 23:02 +0100, fakessh @ a écrit :
> Le vendredi 25 mars 2011 à 08:24 +1100, Mark Andrews a écrit :
> > In message <1300993213.12
Le vendredi 25 mars 2011 à 08:24 +1100, Mark Andrews a écrit :
> In message <1300993213.12273.96.camel@localhost.localdomain>, "fakessh @"
> write
> s:
> > hi bind //guru/
> > hi isc guru
> > hi mark andrews
> > hi michel graff
>
&
hi bind //guru/
hi isc guru
hi mark andrews
hi michel graff
despite my efforts to validate isc dlv. I'm always at the same point I
can not validate the keys. error below the script isc
SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR
3.345:SUCCESS 87.98.186.232 answered DNSKEY query
I can wait how long before this ends?
Le mercredi 23 mars 2011 à 14:46 -0400, Joseph S D Yao a écrit :
> What is this??? To: "fakessh @"
>
>
> On Tue, Mar 22, 2011 at 02:59:22PM +0100, fakessh @ wrote:
> > hi bind guru
> >
> >
> > It appear
hi guru
I'm walking on the same server rndc and named
Le mercredi 23 mars 2011 à 14:46 -0400, Joseph S D Yao a écrit :
> What is this??? To: "fakessh @"
>
>
> On Tue, Mar 22, 2011 at 02:59:22PM +0100, fakessh @ wrote:
> > hi bind guru
> >
> >
&
hi isc
hi list
hi guru of bind
errors continue to recur rndc-key expired
But I apply the command for create the key
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST rndc-key
Le mercredi 23 mars 2011 à 16:24 +0100, fakessh @ a écrit :
> I use and bind rndc and dlv isc for dnssec
> my zone confi
I use and bind rndc and dlv isc for dnssec
my zone config like this
zone "renelacroute.fr" {
type master;
file "/var/named/renelacroute.fr.hosts";
auto-dnssec maintain;
update-policy local;
key-directory "/var/named/keys/";
allow-transfer { 213.2
mars 2011 à 02:30 +0100, fakessh @ a écrit :
> I changed options
>
> update-policy {
> grant fakessh.eu. name fakessh.eu. A TXT;
> };
>
> since
> update-policy {
> grant * self * A TXT;
> };
>
>
> Le mardi 22 mars 2011 à 14:59
I changed options
update-policy {
grant fakessh.eu. name fakessh.eu. A TXT;
};
since
update-policy {
grant * self * A TXT;
};
Le mardi 22 mars 2011 à 14:59 +0100, fakessh @ a écrit :
> hi bind guru
>
>
> It appears after the log that my signature rndc-key
hi bind guru
It appears after the log that my signature rndc-key has expired. how to
update it
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
signature.asc
Description: Ceci est une partie de message numériquement signée
I managed to walk isc dlv with only 2 servers with active dnssec above.
and I quote ns1.novacrea.fr and ns1.xname.org.
it produced no problem before
Le lundi 21 mars 2011 à 07:45 +0100, Torinthiel a écrit :
> On 03/21/11 02:13, fakessh @ wrote:
> > Yes, I bothered to redeploy new key
age <1300660825.6651.21.camel@localhost.localdomain>, "fakessh @"
> writes
> :
> >
> > Le dimanche 20 mars 2011 =C3=A0 22:47 +0100, Torinthiel a =C3=A9crit :
> > > On 03/20/11 22:33, fakessh @ wrote:
> > > > and what do I do.=20
> > >=20
>
Le lundi 21 mars 2011 à 10:58 +1100, Mark Andrews a écrit :
> In message <1300660825.6651.21.camel@localhost.localdomain>, "fakessh @"
> writes
> >
> > that's what I did
> > I made =E2=80=8B=E2=80=8Ba post on my blog explaining how I do
> &g
Le dimanche 20 mars 2011 à 22:47 +0100, Torinthiel a écrit :
> On 03/20/11 22:33, fakessh @ wrote:
> > and what do I do.
>
> You have to add your key to ISC's DLV registry. Go to dlv.isc.org,
> create account, login, add a zone, add keys for it and publish a record
&g
and what do I do.
and what is this other publication of another DS
Le lundi 21 mars 2011 à 08:25 +1100, Mark Andrews a écrit :
> In message <1300650238.6651.15.camel@localhost.localdomain>, "fakessh @"
> writes
> :
> > hello bind network and duru.
> >
&
hello bind network and duru.
I can not validate the key dlv via the website of the isc.
I do not understand why the warning is the isc
you have an explanation
SUCCESS 94.23.59.30 answered DNSKEY query with rcode NOERROR
4.502:SUCCESS 87.98.164.164 answered DNSKEY query with rcode NOERROR
4.502:
hi bind network
hi guru of bind
is there a special key DNSKEY for areas zone .eu
or should we be satisfied keys included in the tarball of bind
thanks for your return
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
signature.as
I recompile the source rpm fedora core 14 bind 9.7.3 to EL4 and EL5
with koji see my blog for explanations
http://fakessh.eu/2011/03/10/bind-9-7-3-sur-centos-5-5-depuis-rpm-source-fecora-14/
Le mardi 15 mars 2011 à 09:45 -0400, Mike Diggins a écrit :
> I'm about to transition my name servers fr
hello bind guru and list
How is it necessary to have a secondary dns ipv6 to properly establish a
connection ipv6
thanks for your return
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
signature.asc
Description: Ceci est une part
hello bind network , guru and other
since I installed the latest version of bind 9.7.3
I do not know me use rndc
rndc to each use is increment a serial in the area.
I do not remember using it.
can you give me a little explanation
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pg
solution
nb : I publish on my blog a little article on dnssec
http://fakessh.eu/2011/02/16/faire-marcher-dnssec-sur-son-serveur/
Le mardi 01 mars 2011 à 21:00 +0100, Torinthiel a écrit :
> On 03/01/11 20:17, fakessh @ wrote:
>
> > is the repeat isc dlv seems to accept the flag DS
> >
Le mardi 01 mars 2011 à 09:34 +0100, Laurent Bauer a écrit :
> On 28/02/2011 23:35, fakessh @ wrote:
> >> This is not handled yet. The .FR zone has been signed since september
> >> 2010, but submitting DS for child zones will be supported later this year.
> >> See
Le lundi 28 février 2011 à 20:14 +0100, Laurent Bauer a écrit :
> Eivind Olsen wrote:
> >
> > Well, I see a few different errors for that domain:
> >
> > I don't see any DS records for your domain when I query the fr.
> > nameservers. I don't know how it's handled in that TLD but I guess
> >
hello bind network
I just installed bind 9.7.3 version and I just noticed that the areas
have been modified by the rpm ( i think ).
they seem to have greater respect for the standards was the previous
version uses version 9.7.0-6.p2 depositing rpm centos testing
they are reading that you advise
thank you for this very constructive reflection. I just changed the zone
r13151.ovh.net it contained only fields ptr ns and I just added a field
and . I increment the serial then all and apply rndc reload flush
reconfig sign all zone
dig answer now seems
r13151 ~]# dig +short r13151.ovh.
Le lundi 24 janvier 2011 00:04, vous avez écrit :
> At this stage I think you will need to post the zone so we can see
> what you have done. Also the named.conf zone clause for ovh.net.
Marc thank you for your attention as you bear me, thank you very humbly
i paste my named.conf and the zone whi
hello
I tried to make a simple box ipv6 r13151.ovh.net did not I know about
registration . my domain names such fakessh.eu owns a recording
well.
how to properly configure a zone ipv6
thanks
Le dimanche 23 janvier 2011 à 03:41 +0100, Eivind Olsen a écrit :
> > administrators bind. How
hello
administrators bind. How is it necessary to have a secondary dns server
ipv6 in to establish a connection ipv6. I like ipv6 me and one of
someone else yet I can not properly establish connections ipv6 I do not
even know if I r13151.ovh.net answer properly in ipv6
sincerely
--
gpg --keyse
. fakessh.eu
and perform a complete resignatures area zone
this should enable me to have the flag DS and DS sign, DLV and DLV sign
in my area zone
its right
thanks for your return many return are welcome
Le jeudi 13 janvier 2011 à 12:36 -0500, Paul Wouters a écrit :
> On Thu, 13 Jan 2011, fake
hello bind network
hello dnssec network admin.
I correctly configure my server centos dnssec on with as a
representative of encryptions dlv isc. my question is relevant and was
already asked but I have not found the complete answer on google. my
question is how to include the DS record in the
Le mardi 04 janvier 2011 à 08:33 -0800, online-reg a écrit :
> > > Hi All: I have a /28 that was supposed to be delegated to my NS by my
> > > ISP.
> > >
> > > How can I check that it is correctly delegated? I have the in-addr.arpa
> > > zone
> > > configured in my NS and it resolves properly when
create slave zone with ptr and master zone
is documented with the manual
Le mardi 04 janvier 2011 à 07:32 -0800, online-reg a écrit :
> Hi All: I have a /28 that was supposed to be delegated to my NS by my
> ISP.
>
> How can I check that it is correctly delegated? I have the
> in-addr.arpa zone
Le jeudi 30 décembre 2010 à 20:29 +0100, lst_ho...@kwsoft.de a écrit :
> Zitat von Lazy :
>
> > 2010/12/30 Lazy :
> >> 2010/12/28 Dennis Clarke :
> >>>
> > trying to resolve www.microsoft.com or microsoft.com results in a
> > "connection timed out; no servers could be reached"
>
> >>
Le mardi 28 décembre 2010 à 16:42 -0500, Alan Clegg a écrit :
> On 12/28/2010 4:12 PM, fakessh @ wrote:
> > named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create:
> > permission denied
>
> Permissions are wrong on /var/named -- the named process needs to be
&g
sorry for the top box on alan clegg
Le lundi 27 décembre 2010 à 08:48 -0500, Alan Clegg a écrit :
> On 12/27/2010 1:07 AM, fakessh wrote:
>
> > good day and merry christmas.
>
> Thanks, and to you as well.
>
> > I just put in place guidelines in bind config to updat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hello bind network
good day and merry christmas.
I just put in place guidelines in bind config to update the signatures
dnssec
I'm looking for options that require the least amount of maintenace that
all updates of signatures are performed without an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hello bind network
good day and merry christmas.
I just put in place guidelines in bind config to update the signatures
dnssec
I'm looking for options that require the least amount of maintenace that
all updates of signatures are performed without an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Le 14.12.2010 19:28, fakessh @ a écrit :
> hello bind network
>
>
> I just realized that my version of bind and vulnerable and I'm wondering
> if by upgrading to version 9.5.2-P4 I would always be vulnerable
>
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hello bind network
I just realized that my version of bind and vulnerable and I'm wondering
if by upgrading to version 9.5.2-P4 I would always be vulnerable
i use centos 5.5 and use
http://www.pramberger.at/peter/services/repository/rhel5/ deposit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Le 10.12.2010 00:24, Matus UHLAR - fantomas a écrit :
> On 09.12.10 23:45, fakessh @ wrote:
>> webmin implement the mecanism of resign zones
>
> good to know, but our system fille DNS data using some automatic processes
> from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Le 09.12.2010 23:26, Matus UHLAR - fantomas a écrit :
>> In message <20101209220716.ga2...@fantomas.sk>, Matus UHLAR - fantomas
>> writes:
>>> pardon my ignorance if this has been discussed (haven't notice), but
>>> if BIND is configured to automatica
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hello bind network
hello guru of bind
hello everybody
i have all a slice of ipv6 address 2001:41D0:2:3Dd6::/64
and I would simply change it with my bind ipv6
please you have to be in your answer or I will not understand
Please give concrete examples
e and without RTFM
I compile my kernel is only ipv4 is no problems for the time but I would
one day confront the same problem and I do not know how to
aka /fakessh/
thanks for all
god bless all
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
hello all
hello bind network
I am having problems with my dk and dkim signature of my emails
I have successfully made the process of verification of signatures dnssec
all my domains are correct and good displays on dlv.isc.org
the reason for my problem just the reason that I have updated my pos
On Mon, 31 May 2010 05:25:56 +0200, fakessh wrote:
> hello all reader
> hello bind network
>
> I am having problems with my dk and dkim signature of my emails
> I have successfully made the process of verification of signatures
dnssec
> all my domains are correct and good displ
hello all reader
hello bind network
I am having problems with my dk and dkim signature of my emails
I have successfully made the process of verification of signatures dnssec
all my domains are correct and good displays on dlv.isc.org
the reason for my problem just the reason that I have updated my
On Mon, 07 Dec 2009 19:07:19 +0100, Chris Hills wrote:
> It is back now.
>
it is up for me
https://www.isc.org/
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
I use bind, and I have a configuration that seems normal to me on my server
Here
fakessh.eu. IN MX 10fakessh.eu.
fakessh.eu. IN TXT "v=spf1 ip4:94.23.60.255 mx mx:fakessh.eu ?all"
problem is when I'm trying to configure my mail server via
check-a...@verif
nb : "Buddha" peace themselve
On Thu, 30 Jul 2009 13:41:17 -0400, Joe Baptista
wrote:
> You guys get excited over small potatoes. There are hundreds of millions
of
> potential DLV RRsets. This is not even a drop in the bucket.
>
> cheers
> joe baptista
>
> p.s. this message does not imply i sup
http://www.xname.org
other dns service
On Sun, 19 Jul 2009 11:20:32 -0700, Scott Haneda
wrote:
> 99% of the time openDNS works by just pointing some agent to their ip
> space.
>
> That 1% of the time, openDNS tries to make DNS responses that are
> modified in a way to try to help you.
>
> Maybe
66 matches
Mail list logo
