> > I'd like to get your feedback on
> the following thoughts regarding DNSSEC HW support.
> >
> > Any layer 2 or 3 devices forwarding frames or packets
> should not be affected by the implementation of DNSSEC
> regardless of the type of protocol (TCP/UDP) or the query
> size (large or small).
> >
I'd like to get your feedback on the following thoughts regarding DNSSEC HW
support.
Any layer 2 or 3 devices forwarding frames or packets should not be affected by
the implementation of DNSSEC regardless of the type of protocol (TCP/UDP) or
the query size (large or small).
Layer 4 devices (sm
er
> architectural problem. The way to keep your cache from
> getting "poisoned" by unwanted NS records is to define the
> relevant delegation point(s) as master/slave/stub, rather
> than skinnying the responses from your upstream and hoping
> for the best...
>
>
>
>
>
>
>
>
>
>
>
>
>
>
The following two DIG replies were obtained in a closed lab for the same
query. Note the Header and Answer sections are similar (the response ID was
stripped out). But the Authority and Additional sections of the response
differ.
My questions: These responses are not wrong. They are differn
That was very helpful. Thanks.
One last query. For signed domains registered with and using ISC.ORG trust
anchor, is there a sanity check similar to what you displayed below?
--- On Thu, 1/28/10, Evan Hunt wrote:
> From: Evan Hunt
> Subject: Re: DNSSEC DSSET & KEYSET
&g
Is there a tool/process to verify if the parenet domain has DSSET, KEYSET, or
keys in place for the child domain? Thanks.
--- On Thu, 1/28/10, Florian Weimer wrote:
> From: Florian Weimer
> Subject: Re: DNSSEC DSSET & KEYSET
> To: "prock...@yahoo.com"
> Cc: bind-
In a DNSSEC compliant world (I know we're not there yet) we need to give a copy
of our DSSET and KEYSET to our parent domain. Please confirm that is an
accurate statement.
So my question is, is there a way through DIG (or some other utility) to
confirm that the parent domain has the DSSET and
7 matches
Mail list logo
