AW: AW: Specifying NSEC3 salt with dnssec-policy

2024-10-01 Thread Klaus Darilion via bind-users
> > I always had the impression that dnssec-signzone is a stand-alone > > utility and signing is done either with dnssec-signzone or with > > Bind's dnssec-policy. Does it really work to use dnssec-signzone on a > > zone and journal that is managed by named? > > No, it doesn't work like that. You

AW: Specifying NSEC3 salt with dnssec-policy

2024-10-01 Thread Klaus Darilion via bind-users
Hi Matthijs! I always had the impression that dnssec-signzone is a stand-alone utility and signing is done either with dnssec-signzone or with Bind's dnssec-policy. Does it really work to use dnssec-signzone on a zone and journal that is managed by named? Regards Klaus -- Klaus Darilion, Hea

Re: AW: AW: Specifying NSEC3 salt with dnssec-policy

2024-10-01 Thread Petr Špaček
On 01. 10. 24 14:45, Klaus Darilion via bind-users wrote: I always had the impression that dnssec-signzone is a stand-alone utility and signing is done either with dnssec-signzone or with Bind's dnssec-policy. Does it really work to use dnssec-signzone on a zone and journal that is managed by nam

AW: AW: AW: Specifying NSEC3 salt with dnssec-policy

2024-10-01 Thread Klaus Darilion via bind-users
Hi Petr! > It can be said that the interface pushes people to follow RFC 9276, i.e. > no salt and no extra iterations. > > It is a pointless exercise which only makes servers easier to DoS for > no benefit. I understand your decision to push people towards RFC 9276. > Why do you need extra sal

Re: AW: Specifying NSEC3 salt with dnssec-policy

2024-10-01 Thread Matthijs Mekking
On 10/1/24 09:44, Klaus Darilion wrote: Hi Matthijs! I always had the impression that dnssec-signzone is a stand-alone utility and signing is done either with dnssec-signzone or with Bind's dnssec-policy. Does it really work to use dnssec-signzone on a zone and journal that is managed by name

Re: AW: AW: AW: Specifying NSEC3 salt with dnssec-policy

2024-10-01 Thread Petr Špaček
On 01. 10. 24 15:41, Klaus Darilion wrote: Hi Petr! It can be said that the interface pushes people to follow RFC 9276, i.e. no salt and no extra iterations. It is a pointless exercise which only makes servers easier to DoS for no benefit. I understand your decision to push people towards R