Re: Automated DNSSEC (command line)

2010-05-28 Thread Casey T. Deccio
On May 28, 2010, at 5:11 PM, Michelle Konzack wrote: > > I have updated the serialnumber manualy and it just updated ... > > OK, now I have tried the second Zone > > > > but it tell me: > > RRSIG itsystems.tamay-dogan.net/SOA by 005+

Re: Automated DNSSEC (command line)

2010-05-28 Thread Mark Andrews
In message <20100529001832.gb4...@tamay-dogan.net>, Michelle Konzack writes: > > Hello Mark, > > Am 2010-05-29 09:06:40, hacktest Du folgendes herunter: > > You can just let named re-sign the zone for you. Treat the zones > > as dynamic and named from BIND 9.6 onwards will maintain the > > sign

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello Mark, Am 2010-05-29 09:06:40, hacktest Du folgendes herunter: > You can just let named re-sign the zone for you. Treat the zones > as dynamic and named from BIND 9.6 onwards will maintain the > signatures for you. What do you mean with "Treat the zones as dynamic"? Is there a special optio

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello again, Am 2010-05-28 14:43:54, hacktest Du folgendes herunter: > Looks okay to me. Here's what your signed zone looks like visually: > > http://dnsviz.net/d/tamay-dogan.net/dnssec/ > > Although, it looks like you perhaps didn't increment the zone serial, as > only one of your authoritativ

Re: Automated DNSSEC (command line)

2010-05-28 Thread Mark Andrews
In message <20100528211806.gx4...@tamay-dogan.net>, Michelle Konzack writes: > Hello DNSSEC Experts, > > I am ongoing to install 4 new Name Servers and increse my registrar and > hosting service... =20 > > OK, I have tried to make my own 4 domains with 16 zones signed and it > took me one ho

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello Casey, Am 2010-05-28 14:43:54, hacktest Du folgendes herunter: > Yes, and you really should use one. The two most important things with > signed zones are that your signatures don't expire, and that the right > DNSSEC RRs are included in the zone. So not only does it need to be > resigned

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michelle Konzack
Hello Michael, Am 2010-05-28 14:40:30, hacktest Du folgendes herunter: > Check out zkt (http://www.hznet.de/dns/zkt/). > > There are a few more involved tools out there, but zkt sounds like > what you want. OK... > >Can an expert please check 'dig ANY tamay-dogan.net' whether this is > >rig

Re: Automated DNSSEC (command line)

2010-05-28 Thread Casey Deccio
On Fri, May 28, 2010 at 2:18 PM, Michelle Konzack < linux4miche...@tamay-dogan.net> wrote: > Hello DNSSEC Experts, > > I am ongoing to install 4 new Name Servers and increse my registrar and > hosting service... > > OK, I have tried to make my own 4 domains with 16 zones signed and it > took m

Re: Automated DNSSEC (command line)

2010-05-28 Thread Michael Sinatra
On 05/28/10 14:18, Michelle Konzack wrote: Hello DNSSEC Experts, I am ongoing to install 4 new Name Servers and increse my registrar and hosting service... OK, I have tried to make my own 4 domains with 16 zones signed and it took me one hour of my life! Since I have to re-sign the zones i