Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread G.W. Haywood via bind-users
Hello again, On Sun, 16 May 2021, I wrote: ... If you can't agree their numbers then you're some information ... Having screen troubles. The word 'missing' is missing. -- 73, Ged.

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread G.W. Haywood via bind-users
Hi there, On Sun, 16 May 2021, Dan Egli wrote: ... I'm aware of the buddyns.com servers not responding. Nothing I can do about that. They CLAIM I've had over 300k requests in the last couple of weeks and have exceeded my monthly cap. I say Bull Crap ... I'd be inclined to believe them, but yo

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread Ondřej Surý
Even jupiter.eglifamily.name. doesn’t return DNSSEC signed zone: $ dig +norec +dnssec IN mx newideatest.site @jupiter.eglifamily.name. ; <<>> DiG 9.17.11-1+0~20210318.53+debian10~1.gbp0184f1-Debian <<>> +norec +dnssec IN mx newideatest.site @jupiter.eglifamily.name. ;; global options: +cmd ;; Go

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread Dan Egli via bind-users
Yea, I'm aware of the buddyns.com servers not responding. Nothing I can do about that. They CLAIM I've had over 300k requests in the last couple of weeks and have exceeded my monthly cap. I say Bull Crap and am looking to move to different servers. Meanwhile, I found that the google nameservers

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread Mark Andrews
Sorry, misread your version 11 vs 16. That said it is hard to work out what is going wrong when you keep changing things and don’t actually have nameservers that are responding. You had servers that were giving DNSSEC responses, then ones that are returning unsigned responses and now ones

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-16 Thread Ondřej Surý
I think Mark jumped on something else, your zone is seriously broken and not because of DNSSEC: https://dnssec-analyzer.verisignlabs.com/newideatest.site All of these NSes must have the correct zone content and not be broken: newideatest.site. 3600 IN NS jupiter.eglifamily.na

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-15 Thread Dan Egli via bind-users
Upgrade to WHAT? You said it was fixed in 9.11.25, but isn't that a lot OLDER than 9.16.15, which is what I'm running? jupiter ~ # named -v BIND 9.16.15 (Stable Release) jupiter ~ # dig -v DiG 9.16.15 On 5/16/2021 12:06 AM, Mark Andrews wrote: On 16 May 2021, at 10:17, Dan Egli via bind-use

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-15 Thread Mark Andrews
> On 16 May 2021, at 10:17, Dan Egli via bind-users > wrote: > > On 5/10/2021 12:38 PM, Tony Finch wrote: >> Dan Egli >> wrote: >> >>> Still not working for me. The dig doesn't report anything, and I don't HAVE >>> a >>> keyfile since I'm using inline signing. Or does inline signing still

Re: Inline signing fails dnsviz test - STILL [LONG]

2021-05-15 Thread Dan Egli via bind-users
On 5/10/2021 12:38 PM, Tony Finch wrote: Dan Egli wrote: Still not working for me. The dig doesn't report anything, and I don't HAVE a keyfile since I'm using inline signing. Or does inline signing still require a key to be generated? Yes, you need to do your own key management with inline-sig

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Dan Egli via bind-users
Okay, so I added the policy, and things MOSTLY look okay. But when I retake the verification test, I get errors about no RRSIGs found. What do I do to resolve that issue? On 5/10/2021 12:38 PM, Tony Finch wrote: Dan Egli wrote: Still not working for me. The dig doesn't report anything, and I

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Tony Finch
Dan Egli wrote: > > Still not working for me. The dig doesn't report anything, and I don't HAVE a > keyfile since I'm using inline signing. Or does inline signing still require a > key to be generated? Yes, you need to do your own key management with inline-signing using dnssec-keygen. The new dn

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Dan Egli
On 5/10/2021 12:17 PM, Tony Finch wrote: Dan Egli wrote: Where do I get the DS record, since I'm using bind's inline signing? Use the dnssec-dsfromkey tool, e.g. from a key file (make sure it's the KSK file) $ grep This Kcam.ac.uk.+013+32840.key ; This is a key-signing key, ke

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Tony Finch
Dan Egli wrote: > > Where do I get the DS record, since I'm using bind's inline signing? Use the dnssec-dsfromkey tool, e.g. from a key file (make sure it's the KSK file) $ grep This Kcam.ac.uk.+013+32840.key ; This is a key-signing key, keyid 32840, for cam.ac.uk. $ dnss

Re: Inline signing fails dnsviz test.

2021-05-10 Thread Dan Egli
that already? John Sent from Nine <http://www.9folders.com/> *From:* Dan Egli *Sent:* Monday, May 10, 2021 12:20 AM *To:* bind-users@lists.isc.org *Subject:* Inline signing fails dnsviz test. I tried to set up inline signing on my DNS server, and after

Re: Inline signing fails dnsviz test.

2021-05-10 Thread John W. Blue via bind-users
-users@lists.isc.org Subject: Inline signing fails dnsviz test. I tried to set up inline signing on my DNS server, and after reading the results from DNSVIZ, I'd say I was PARTIALLY successful, but there still seems to be a lot missing. You can check the status on dnsviz yourself with the names eglifami

Re: Inline signing fails dnsviz test.

2021-05-09 Thread Ondřej Surý
I would recommend starting here: https://bind9.readthedocs.io/en/latest/dnssec-guide.html -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 10. 5. 2021, at 7:19, Dan Egli wrote: