Re: BIND, DNSSEC & AD

2012-07-03 Thread John Williams
Subject: RE: BIND, DNSSEC & AD Marc Lampo wrote: > > you are aware that Windows DNS service understands DNSSEC algorithm 5 > (RSA/SHA-1 – NSEC) at most ? Carsten Strotmann's post says Windows Server 2012 fixes this limitation http://strotmann.de/roller

RE: BIND, DNSSEC & AD

2012-07-02 Thread Tony Finch
Marc Lampo wrote: > > you are aware that Windows DNS service understands DNSSEC algorithm 5 > (RSA/SHA-1 – NSEC) at most ? Carsten Strotmann's post says Windows Server 2012 fixes this limitation http://strotmann.de/roller/dnsworkshop/entry/dnssec_validation_in_microsoft_dns Tony. -- f.anthony.n

RE: BIND, DNSSEC & AD

2012-07-01 Thread Marc Lampo
Officer EURid (for .eu) From: John Williams [mailto:john.1...@yahoo.com] Sent: 29 June 2012 04:53 PM To: Marc Lampo; bind-users@lists.isc.org Subject: Re: BIND, DNSSEC & AD The purpose behind this is not to protect the internal AD DNS from hijacking. But rather to allow internal clients to

Re: BIND, DNSSEC & AD

2012-06-30 Thread Mark Andrews
If you don't want to run named on Windows, it supports dynamic updates with GSS-TSIG + DNSSEC. In message <4feed285.7060...@strotmann.de>, "Carsten Strotmann (private)" writes: > Hello John, > > On 6/29/12 4:52 PM, John Williams wrote: > > The purpose behind this is not to protect the internal

Re: BIND, DNSSEC & AD

2012-06-30 Thread Carsten Strotmann (private)
Hello John, On 6/29/12 4:52 PM, John Williams wrote: > The purpose behind this is not to protect the internal AD DNS from > hijacking. But rather to allow internal clients to run DNSSEC > related queries without having to reference external resolver

Re: BIND, DNSSEC & AD

2012-06-29 Thread John Williams
will not allow that. That would be ideal though. Thanks, JT From: Marc Lampo To: 'John Williams' ; bind-users@lists.isc.org Sent: Friday, June 29, 2012 3:07 AM Subject: RE: BIND, DNSSEC & AD Hello, (not a Bind related question !) Last ti

RE: BIND, DNSSEC & AD

2012-06-29 Thread Marc Lampo
Hello, (not a BIND-related question!) Last time I looked at Microsoft documentation I remember having seen that DNSSEC is for static files only, *not* for "Active Directory integrated" domains! If that is still true, I think the question about importing keys is irrelevant. You would