On 2009-12-10 08:49, Niobos wrote:
Thank you very much for your help; I'll forward the conversation to the
bug-tracking list.
Since these are my first DNSSEC experiments, I just wanted to make sure that it
wasn't a problem with my understanding of the concept.
Niobos
This has been confi
Thank you very much for your help; I'll forward the conversation to the
bug-tracking list.
Since these are my first DNSSEC experiments, I just wanted to make sure that it
wasn't a problem with my understanding of the concept.
Niobos
On 10 Dec 2009, at 00:59, Hauke Lampe wrote:
> The signatures
[I finally gave up on trying to get Thunderbird *not* to wrap long
lines. Prefixing them with ">" seems to be the only way, even if confusing]
Niobos wrote:
>>> dig +dnssec removed.dnssec.dest-unreach.be
>> Even though I have added your DNSKEY as trusted key, I get SERVFAIL on
>> the first query
>> Could you try this lookup?
>> dig +dnssec removed.dnssec.dest-unreach.be
>
> I see now what you mean.
>
> Even though I have added your DNSKEY as trusted key, I get SERVFAIL on
> the first query and NXDOMAIN on the second, without BIND doing any
> additional outgoing queries.
This is the same
Niobos wrote:
> As soon as I activate DLV (besides the manual SEP I entered), the "removed"
> behaviour changes:
> * First lookup still returns SERVFAIL
> * Subsequent lookups now return NXDOMAIN with the AD flag *set*! (log
> confirms that my domain is not in the DLV and hence is insecure)
Tha
On 08 Dec 2009, at 15:18, Hauke Lampe wrote:
> Niobos wrote:
>
>> When requesting a lookup of "removed", I get a SERVFAIL as well. However,
>> every subsequent request for "removed" gets an NXDOMAIN. (dig outputs below)
>> Flushing the caches on the RR with "rndc flush" causes the first request t
Niobos wrote:
> When requesting a lookup of "removed", I get a SERVFAIL as well. However,
> every subsequent request for "removed" gets an NXDOMAIN. (dig outputs below)
> Flushing the caches on the RR with "rndc flush" causes the first request to
> be a SERVFAIL again.
I cannot reproduce this b
Hi all,
I'm having some problems with implementing DNSSEC with NSEC3. I'm fairly new to
DNSSEC, so it is certainly possible that my understanding of the subject is
causing me to miss something. Also, I'm not entirely sure this is the correct
mailing list, more accurate pointers are welcome.
Th
8 matches
Mail list logo
