On Oct 16, 2012, at 7:48 PM, pangj wrote:
>
> $ dig +dnssec udp53.org soa
>
> ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONA
babu dheen wrote:
>
> All users in our company using internal DNS server for name resolution.
> All internal DNS server are pointed to our gateway recursive BIND name
> server which is responsible for getting DNS queries from authoritative
> internet DNS server.
>
> Now we would like to configure
At 21:10 16-10-2012, pangj wrote:
IMO, a resolver will have the ability to get the public key of a ZSK
for validating the signed RR. How will it get this public key?
And, is the usage of a KSK similiar to the CA certificate?
See http://www.nlnetlabs.nl/publications/dnssec_howto/
Regards,
-sm
IMO, a resolver will have the ability to get the public key of a ZSK for
validating the signed RR. How will it get this public key?
And, is the usage of a KSK similiar to the CA certificate?
Thanks again.
于 2012-10-17 11:25, Alan Clegg 写道:
On Oct 16, 2012, at 8:17 PM, pangj wrote:
于 2012
于 2012-10-17 11:25, Alan Clegg 写道:
On Oct 16, 2012, at 8:17 PM, pangj wrote:
于 2012-10-17 11:10, Alan Clegg 写道:
No, it means that I haven't inserted the DS record for dnslab.org into the .org
zone.
for DS record's data, is it the public key of ZSK? thanks.
No, it's a hash of the KSK.
A
On Oct 16, 2012, at 8:17 PM, pangj wrote:
> 于 2012-10-17 11:10, Alan Clegg 写道:
>> No, it means that I haven't inserted the DS record for dnslab.org into the
>> .org zone.
>
> for DS record's data, is it the public key of ZSK? thanks.
No, it's a hash of the KSK.
AlanC
--
Alan Clegg | +1-919-
于 2012-10-17 11:10, Alan Clegg 写道:
No, it means that I haven't inserted the DS record for dnslab.org into the .org
zone.
for DS record's data, is it the public key of ZSK? thanks.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
In message <507e212e.5090...@riseup.net>, pangj writes:
> ÓÚ 2012-10-17 10:54, Mark Andrews дµÀ:
> > There is no DS for udp53.org so there is no secure trust chain.
>
> does this mean .org has not been signed?
No. It means that there is no DS for udp53.org.
For udp53.org to validate as secure
On Oct 16, 2012, at 8:08 PM, pangj wrote:
> 于 2012-10-17 10:54, Mark Andrews 写道:
>> There is no DS for udp53.org so there is no secure trust chain.
>
> does this mean .org has not been signed?
No, it means that I haven't inserted the DS record for dnslab.org into the .org
zone.
AlanC
--
Ala
于 2012-10-17 10:54, Mark Andrews 写道:
> There is no DS for udp53.org so there is no secure trust chain.
does this mean .org has not been signed?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users
In message <507e1c73.6050...@riseup.net>, pangj writes:
> Hi,
>
> $ dig +dnssec udp53.org soa
>
> ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHO
Hi,
$ dig +dnssec udp53.org soa
; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 11
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:
On Tue, 2012-10-16 at 15:35 -0700, Alan Clegg wrote:
>
> You can still find it at ISC:
> http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
>
> It is a bit long in the tooth. I'll be updating it soon to cover the work
> done by ISC in BIND 9.9
>
> All are welcome to propose titles for this n
On Oct 16, 2012, at 3:11 PM, Noel Butler wrote:
> Alan Clegg wrote a quick howto DNSSEC in 6 minutes, you might want to google
> it, since ISC has destroyed their "new" website, I no longer see it in quick
> look to show you a link, apparently, it might be buried somewhere in
> kb.isc.org, if
On Oct 16, 2012, at 3:11 PM, Noel Butler wrote:
> Alan Clegg wrote a quick howto DNSSEC in 6 minutes, you might want to google
> it, since ISC has destroyed their "new" website, I no longer see it in quick
> look to show you a link, apparently, it might be buried somewhere in
> kb.isc.org, if
On Tue, 2012-10-16 at 22:07 +0800, babu dheen wrote:
> Dear All,
>
> I am new to DNSSEC. I need your valuable help to understand and
> configure DNSSEC on my company Name servers.
>
> All users in our company using internal DNS server for name
> resolution. All internal DNS server are pointed t
16 matches
Mail list logo
