> On 16 Jan 2015, at 15:36, John wrote:
>
> DNAME will not work with DNSSEC.
Other people have already corrected this statement, but I want to point out
there are situations where DNAME makes DNSSEC easier. We use it extensively in
our reverse DNS to delegate 128.232.128.0/17 from one part of
On 1/16/2015 10:26 AM, Phil Mayers wrote:
Turned out that my (old) router was glitching and losing stuff along the
way. New router solved problem!
--
John Allen
KLaM
--
How do you tell when you're out of invisible ink?
smime.p7s
Description: S/MIME Cr
>> I have just tried it again and I don't get the answers I expect? I see
>> the DNAME but the system does not seem to be following it.
DNAMEs provide aliases for names below the one at the DNAME, but not
for the name itself. That is, if you do this:
bar.example DNAME foo.example
you wi
On 16/01/2015 15:36, John wrote:
> DNAME will not work with DNSSEC.
> DNAME only work with the sub-tree, while DNSSEC is at the domain level.
>
> taking the example:
> klam.biz IN DNAME klam.com
>
> DNSSEC will try to find keys for klam.biz NOT klam.com, which results i
On Fri, Jan 16, 2015 at 10:49 AM, Casey Deccio wrote:
> ... The CNAME requires to RRSIG...
>
Typo:
That should read: "... The CNAME requires no RRSIG..."
Cheers,
Casey
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
Hi John,
On Fri, Jan 16, 2015 at 10:36 AM, John wrote:
> DNAME will not work with DNSSEC.
>
Not true. DNAMEs enable CNAME synthesis to other domains, after which
synthesis the response works just like regular CNAME response would. The
authentication works by authenticating the DNAME (using t
In article ,
Phil Mayers wrote:
> On 16/01/2015 15:07, John wrote:
> > On 1/16/2015 8:59 AM, Phil Mayers wrote:
> >> On 16/01/2015 13:00, John wrote:
> >>> But for this to work I would need to enable recursion on the
> >>> authoritative server for masters
> >>
> >> Why?
> >>
> > Because the la
DNAME will not work with DNSSEC.
DNAME only work with the sub-tree, while DNSSEC is at the domain level.
taking the example:
klam.biz IN DNAME klam.com
DNSSEC will try to find keys for klam.biz NOT klam.com, which results in
DNSSEC failure.
It looks like the only way to do this is to point
On 16/01/2015 15:07, John wrote:
On 1/16/2015 8:59 AM, Phil Mayers wrote:
On 16/01/2015 13:00, John wrote:
But for this to work I would need to enable recursion on the
authoritative server for masters
Why?
Because the last time I tried it, it did not work!
Authoritative servers don't ne
On 1/16/2015 8:59 AM, Phil Mayers wrote:
On 16/01/2015 13:00, John wrote:
But for this to work I would need to enable recursion on the
authoritative server for masters
Why?
Because the last time I tried it, it did not work!
I have just tried it again and I don't get the answers I expect? I
On 1/16/2015 8:59 AM, Phil Mayers wrote:
On 16/01/2015 13:00, John wrote:
But for this to work I would need to enable recursion on the
authoritative server for masters
Why?
___
Further problem is that DNSSEC tests show problem with NS records.
--
On 16/01/2015 13:00, John wrote:
But for this to work I would need to enable recursion on the
authoritative server for masters
Why?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing
I have three domains two of which are aliases for the other (klam.ca -
aliases klam.biz and klam.com).
Within the these domains I have TLSA records for things like the email
system and some web services.
I originally thought of using dname records for the domain aliases and
cname records for t
13 matches
Mail list logo
