Re: Validating a DNSSEC installation

2009-06-16 Thread Erik Lotspeich
Hi Chris, Thanks for your response -- that explains it. I hope that you don't mind if I continue this discussion with another question. I changed my configuration to use views to separate my external zone (for which BIND is authoritative) from inter

Re: Validating a DNSSEC installation

2009-06-16 Thread Chris Buxton
On Jun 16, 2009, at 4:08 AM, Chris Thompson wrote: On Jun 15 2009, Chris Buxton wrote: On Jun 13, 2009, at 4:59 AM, Erik Lotspeich wrote: Is it normal that a validating resolver can't validate a domain it is authoritative for? Absolutely. As Alan Clegg wrote not long ago on this list, You

Re: Validating a DNSSEC installation

2009-06-16 Thread Chris Thompson
On Jun 15 2009, Chris Buxton wrote: On Jun 13, 2009, at 4:59 AM, Erik Lotspeich wrote: Is it normal that a validating resolver can't validate a domain it is authoritative for? Absolutely. As Alan Clegg wrote not long ago on this list, You presumably refer to https://lists.isc.org/pipermai

Re: Validating a DNSSEC installation

2009-06-15 Thread Mark Andrews
In message <69beb178-f30d-4ac2-8e7a-b13c1f5f8...@menandmice.com>, Chris Buxton writes: > On Jun 13, 2009, at 4:59 AM, Erik Lotspeich wrote: > > Is it normal that a validating resolver can't validate a domain it is > > authoritative for? > > Absolutely. As Alan Clegg wrote not long ago on this li

Re: Validating a DNSSEC installation

2009-06-15 Thread Chris Buxton
On Jun 13, 2009, at 4:59 AM, Erik Lotspeich wrote: Is it normal that a validating resolver can't validate a domain it is authoritative for? Absolutely. As Alan Clegg wrote not long ago on this list, this is why a DNSSEC validating resolver should not be authoritative for any signed zones.

Re: Validating a DNSSEC installation

2009-06-13 Thread Hauke Lampe
Erik Lotspeich wrote: > I now get the AD flag when querying external validating resolvers such > as the ones you mention. That's good. May your signatures never expire and your keys always be valid. > I believe that my BIND is configured properly to be a validating > resolver as well: > > # dig

Re: Validating a DNSSEC installation

2009-06-13 Thread Erik Lotspeich
Hi Hauke, I now get the AD flag when querying external validating resolvers such as the ones you mention. I believe that my BIND is configured properly to be a validating resolver as well: # dig +adflag @ns.lotspeich.org. isc.org. ; <<>> DiG 9.6.1 <<>> +adflag @ns.lotspeich.org. isc.org. ; (1 s

Re: Validating a DNSSEC installation

2009-06-11 Thread Mark Andrews
In message <20090612025851.ga23...@frell.ambush.de>, Hauke Lampe writes: > On Fri, Jun 12, 2009 at 04:29:11 +0200, Hauke Lampe wrote: > > > Future reference: Once .org completes their testing phase *and* your > > registrar allows you to register DS records for your domain, queries > > should also

Re: Validating a DNSSEC installation

2009-06-11 Thread Hauke Lampe
On Fri, Jun 12, 2009 at 04:29:11 +0200, Hauke Lampe wrote: > Future reference: Once .org completes their testing phase *and* your > registrar allows you to register DS records for your domain, queries > should also return AD when validated against the ITAR trust anchor > repository (at https://ita

Re: Validating a DNSSEC installation

2009-06-11 Thread Hauke Lampe
Erik Lotspeich wrote: > I have registered with the ISC's DLV registry. I am > having trouble finding the best way for me to validate that my setup is > working and that my zone validates. dlv.isc.org doesn't list your keys yet. It can take a day or

Re: Validating a DNSSEC installation

2009-06-11 Thread Mark Andrews
In message <4a3177c1.5040...@lotspeich.org>, Erik Lotspeich writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > > Although I'm not new to DNS, I'm new to DNSSEC. I have read > documentation and howtos regarding DNSSEC. > > I believe that I have it configured and working for my

Re: Validating a DNSSEC installation

2009-06-11 Thread Jeremy C. Reed
On Thu, 11 Jun 2009, Erik Lotspeich wrote: > Although I'm not new to DNS, I'm new to DNSSEC. I have read > documentation and howtos regarding DNSSEC. > > I believe that I have it configured and working for my domain, > lotspeich.org. I have registered with the ISC's DLV registry. I am > having

Validating a DNSSEC installation

2009-06-11 Thread Erik Lotspeich
Hi, Although I'm not new to DNS, I'm new to DNSSEC. I have read documentation and howtos regarding DNSSEC. I believe that I have it configured and working for my domain, lotspeich.org. I have registered with the ISC's DLV registry. I am having tro