On Fri, May 21, 2010 at 09:54:01AM +0300,
Techi wrote
a message of 46 lines which said:
> I have a Centos 5.x with Bind 9.3.6-4.
That's an extremely old version. Even Debian :-) has a more recent
one. For instance, you won't be able to validate the root (which uses
SHA256) or .ORG (which use
On Thu, May 20, 2010 at 05:18:10PM -0700,
Hoover Chan wrote
a message of 15 lines which said:
> A pointer please to information on how to use BIND to "translate" a
> domain name to a target URL. For example, www.domain ->
> http://www.someother.domain/folder1/folder2/index.html.
Unlike what m
On Fri, May 21, 2010 at 09:54:01AM +0300, Techi wrote:
> Hallo,
> I try to setup (=prepare) the our DNS servers for the DNSSEC era.
> I have a Centos 5.x with Bind 9.3.6-4. I have one problem and 2 questions.
> The problem is that the specific version seems to lack support for DNSSEC
> validation!
On May 21, 2010, at 4:27 AM, Stephane Bortzmeyer wrote:
> On Thu, May 20, 2010 at 05:18:10PM -0700,
> Hoover Chan wrote
> a message of 15 lines which said:
>
>> A pointer please to information on how to use BIND to "translate" a
>> domain name to a target URL. For example, www.domain ->
>> htt
On Fri, May 21, 2010 at 08:30:47AM -0400,
Chris Buxton wrote
a message of 26 lines which said:
> Another such solution (and simpler) would be SRV records,
It maps a domaine name to a set of {domain name, port}, not to URL
(with the path and so on) :-) So, no, you still need NAPTR if you want
We have a similar issue. And this is my understanding of it:
>From briefly looking at the source, it seems that as of 9.6.2-P1 the
dnssec-signzone tool performs some additional validation after the
signing is complete.
Previously, it could only verify the signatures it generated, if "-a" is
used
Am Fri, 21 May 2010 09:35:31 -0400
schrieb "Sergiu Bivol" :
> We were invoking the dnssec-signzone tool once with each key. We'd
> start by signing with KSK, then sign with ZSK. When we upgraded to
> 9.6.2-P1, dnssec-signzone started failing with errors when signing
> with KSK: ---
Hi All,
I have a query:
I have example.com setup on a public dns and example.com set up on a
local dns.
If a record is not found in the local, how can I force it to look for a
record in the public dns, for the same domain.
Could some one please let me know the options to add to bind9 please.
>From my experience, there is no way to do this. Once an answer is made
>authoritatively from your internal server, you can't tell it to go somewhere
>else. Authoritative is authoritative, and even if you know there's a better
>answer somewhere else, you're stuck with what you've gone.
What I
I heard that root zone will be signed (or is already signed), so what
changes would be required with respect to the current additions of adding
dlv.isc.org as trust anchor and its associated trusted key ? Do we need to
keep the isc dlv ? or add a new key for the root ?
Thanks
-dani
On Thu, May 20
On May 21 2010, itservices88 wrote:
I heard that root zone will be signed (or is already signed),
It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
so what
changes would be required with respect to the current add
Thanks for this and all the other input.
When you say "regular Web browser", it's safe to conclude that Firefox, IE and
Safari are all included in this category? If so, then yes, that is the target
audience.
I have an odd (and frustrating) situation where I manage the DNS for a Web
service tha
Thanks for details.
-dani
On Fri, May 21, 2010 at 9:04 AM, Chris Thompson wrote:
> On May 21 2010, itservices88 wrote:
>
> I heard that root zone will be signed (or is already signed),
>>
>
> It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
>
>
>
>Hmm... dnssec-signzone (version 9.7.0-P1) seems to work perfectly well:
>
>dnssec-signzone -k Kexample.com.+008+53749.key -N INCREMENT -g -o
example.com example.com Kexample.com.+008+41979 Verifying the zone using
the following algorithms: RSASHA256.
>Zone signing complete:
>Algorithm: RSASHA256:
>>> I have example.com setup on a public dns and example.com set up on a
>>> local dns.
>>> If a record is not found in the local, how can I force it to look for a
>>> record in the public dns, for the same domain.
>>
>> From my experience, there is no way to do this. Once an answer is made
>>
Title: Blue Barracuda
Hi All,
Thank you very much, your reply is very much appreciated.
Regards,
Prashant
On 21/05/10 19:52, Chris Buxton wrote:
I have example.com setup on a public dns and example.com set up on a
local dns.
If a record is not found in the local, how
In message , itse
rvices88 writes:
>
> I heard that root zone will be signed (or is already signed), so what
> changes would be required with respect to the current additions of adding
> dlv.isc.org as trust anchor and its associated trusted key ? Do we need to
> keep the isc dlv ? or add a new k
In article ,
Hoover Chan wrote:
> Thanks for this and all the other input.
>
> When you say "regular Web browser", it's safe to conclude that Firefox, IE
> and Safari are all included in this category? If so, then yes, that is the
> target audience.
Right. I think the only place where NAPTR
18 matches
Mail list logo
