End-user documentation for full DNSSEC automation using Bind9?

2013-04-04 Thread pgbind9
Hi, I run bind 9.9.2. I'm interested in fully automating the DNSSEC key generation/signing/rollover process. A while back, I'd used OpenDNSSEC to attempt it, but was ultimately foiled by lack of a registrar with an API it could talk to. Since that time, IIUC, bind9's got all the tools integrated

how to verify RPZ with a 'known bad' domain from 3rd party zone file?

2013-03-11 Thread pgbind9
Hi, I've bind 9.9.2p1 setup to use the RPZ zone provided by spamhaus. Zone transfer is apparently working as it should. I'd like to verify that RPZ redirection is actually working for a "known bad", real domain. (1) How/where do you extract a bad domain name from the axfr'd RPZ zone file? It's

Re: Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?

2013-03-08 Thread pgbind9
Hi On Fri, Mar 8, 2013, at 02:17 AM, Steven Carr wrote: > Hi there! > > What tweaking did you need to do to NAT to get it to work? I'm still > stuck with the problem and it's looking like it's either NAT or a > fragmentation issue for me :( I've multiple static IPs. DNS is not on the default IP

Re: Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?

2013-03-07 Thread pgbind9
hi, with all of your questions/guidance, I made some progress. definitely some PEBKAC. made mapping adjustment/correction in my NAT src mapping table. checking dig soa rpz.spamhaus.org @199.168.90.52 ; <<>> DiG 9.9.2-rpz+rl.028.23-P1 <<>> soa rpz.spamha

Initial BIND 9.9.2 RPZ xfr (spamhaus) failing with "failed to connect: timed out" ?

2013-03-07 Thread pgbind9
hi, i've installed named -v BIND 9.9.2-rpz+rl.028.23-P1 i've registered my nameserver IP with spamhaus for use of its RPZ list; i've been approved for access. i've setup my bind9 conf for slave access to a spamhaus RPZ ... acl rpz4_spamhaus { 199.168.90.51; 199.168.90.52