Re: DNSSEC and MS AD

2011-08-10 Thread Peter Andreev
2011/8/9 Chris Buxton : > On Aug 9, 2011, at 10:07 AM, John Williams wrote: > >> --- On Tue, 8/9/11, Chris Buxton wrote: >> >>> With a private version of a domain, you should not need to >>> worry about a DS record in the parent. Just make sure your >>> internal caching servers not only can find t

RE: DNSSEC and MS AD

2011-08-09 Thread Marc Lampo
Unless I'm very mistaken, an "AD Integrated" (as opposed to "primary"/"secondary") zone cannot be protected by DNSSEC. (remember having read this in the MS's DNSSEC document). Also (in that document): max algorithm supported is 5 (RSASHA1). This means that using MS DNS as validating caching name

Re: DNSSEC and MS AD

2011-08-09 Thread Mark Andrews
In message <37eb0c69-09a1-45a8-9d0e-1027ccbf8...@gmail.com>, Chris Buxton writes: > The use of internal, private namespace should be entirely transparent to any > service other than DNS. Your mail server should not need to know about it, > and should not be able to detect it (other than watchin

Re: DNSSEC and MS AD

2011-08-09 Thread Chris Buxton
On Aug 9, 2011, at 10:07 AM, John Williams wrote: > --- On Tue, 8/9/11, Chris Buxton wrote: > >> With a private version of a domain, you should not need to >> worry about a DS record in the parent. Just make sure your >> internal caching servers not only can find the internal >> version of your

Re: DNSSEC and MS AD

2011-08-09 Thread John Williams
--- On Tue, 8/9/11, Chris Buxton wrote: > From: Chris Buxton > Subject: Re: DNSSEC and MS AD > To: "John Williams" > Cc: bind-users@lists.isc.org > Date: Tuesday, August 9, 2011, 5:00 PM > On Aug 9, 2011, at 9:13 AM, John > Williams wrote: > > > M

Re: DNSSEC and MS AD

2011-08-09 Thread Chris Buxton
On Aug 9, 2011, at 9:13 AM, John Williams wrote: > My company (as many) run Microsoft Active Directory internally and we use > BIND for our Internet DNS presence. We have had our domain signed for some > time. Now I've been tasked to look into Signing our AD implementation. MS > has their ow