Problem with DNSSEC signing zone

2012-07-20 Thread William Thierry SAMEN
Hi all Bind users, I just have a problem with my zone signing output. I made all the steps to obtain a good result. 1. Generated KSK and ZSK 2. Add both of keys at the end of my zone file 3. signing my zone with dnssec-signzone command 4. enable dnssec in named options 5. change the

Re: Problem with DNSSEC signing zone

2012-07-20 Thread Carsten Strotmann
Hello Thierry SAMEN, On Fri, 20 Jul 2012, William Thierry SAMEN wrote: Hi all Bind users, i just have a problem with my zone signing output i made all the steps to obtain a good result. 1.  Generated KSK and ZSK 2. Add both of keys at the end of my zone file 3. signing my zone with dnssec-s

RE: Problem with DNSSEC signing zone

2012-07-20 Thread Spain, Dr. Jeffry A.
> 1. Generated KSK and ZSK > 2.Add both of keys at the end of my zone file > 3.signing my zone with dnssec-signzone command > 4.enable dnssec in named options > 5.change the name of my zone in the named by namezone.signed > 6.I got the root DNSKEY RR set before with dig comm

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-05-15 09:01 AM, Phil Mayers wrote: > Sorry about the way delayed response. There seems to be some confusion about which list/group gmane is following. > Isn't it more likely it's a local problem? Indeed. But what, is the question (and I do have the answer, now -- see below). > Which v

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 08:34 AM, Brian J. Murrell wrote: > > The problem here seems to be fragmented UDP. I seem to have misdiagnosed this due to tcpdump peculiarities. I only initially saw/suspected the problem since my capture for port 53 packets was including (only the first) ipv4 fragments. When addin

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Phil Mayers
On 20/07/12 14:03, Brian J. Murrell wrote: # dig +dnssec @localhost 119.in-addr.arpa SOA ; <<>> DiG 9.9.1-P1 <<>> +dnssec @localhost 119.in-addr.arpa SOA ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49713 ;; flags: qr rd ra; QUERY

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message <50095065.3050...@interlinx.bc.ca>, "Brian J. Murrell" writes: > > On 12-05-15 09:01 AM, Phil Mayers wrote: > > > > Sorry about the way delayed response. There seems to be some confusion > about which list/group gmane is following. > > > Isn't it more likely it's a local probl

Re: Problem with DNSSEC signing zone

2012-07-20 Thread Casey Deccio
On Fri, Jul 20, 2012 at 2:52 AM, William Thierry SAMEN <thierry.sa...@gmail.com> wrote: > i just have a problem with my zone signing output i made all the steps to > obtain a good result. ... > my zone name is *willzik.co.uk* > > I'm getting an NXDOMAIN response from the co.uk servers, rathe

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Casey Deccio
On Fri, Jul 20, 2012 at 6:03 AM, Brian J. Murrell wrote: > On 12-07-20 08:34 AM, Brian J. Murrell wrote: > > > > The problem here seems to be fragmented UDP. > > I seem to have misdiagnosed this due to tcpdump peculiarities. I only > initially saw/suspected the problem since my capture for port 5

RE: Problem with DNSSEC signing zone

2012-07-20 Thread Spain, Dr. Jeffry A.
> all this step has been well done, but the last step: > Generate DS records and provide them to your registrar. > has not been fluent for me. I found how can i provide key to the registrar i > used this command: > dnssec-dsfromkey -2 Kwillzik.co.uk KSK.key  "is it the good way to do?" That comma

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 09:11 AM, Phil Mayers wrote: > > Or, what happens if you start bind up in debug mode and run the query? > There will be a lot of output, but I've found most problems to be fairly > obvious if you read through it. Yeah, there is a lot of output. Too big of a haystack for me to find th

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message , "Brian J. Murrell" writes: > On 12-07-20 08:34 AM, Brian J. Murrell wrote: > > > > The problem here seems to be fragmented UDP. > > I seem to have misdiagnosed this due to tcpdump peculiarities. I only > initially saw/suspected the problem since my capture for port 53 > packets w

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 10:42 AM, Mark Andrews wrote: > > The NS RRset is the delegation records and as such has no RRSIGs. > If you turn on minimal-responses the NS rrset won't be added and > AD won't be cleared. AD is only set to 1 if all the records in the > answer and authority sections are marked as se

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Phil Mayers
On 20/07/12 15:33, Brian J. Murrell wrote: On 12-07-20 09:11 AM, Phil Mayers wrote: Or, what happens if you start bind up in debug mode and run the query? There will be a lot of output, but I've found most problems to be fairly obvious if you read through it. Yeah, there is a lot of output.

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message <50096c2b.1080...@interlinx.bc.ca>, "Brian J. Murrell" writes: > Just for good measure, since I think I have posted this before, but here > are the options I have set in my bind configuration with regard to dnssec: > > dnssec-enable yes; > dnssec-validation yes; >

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Phil Mayers
On 20/07/12 16:21, Mark Andrews wrote: In message <50096c2b.1080...@interlinx.bc.ca>, "Brian J. Murrell" writes: Just for good measure, since I think I have posted this before, but here are the options I have set in my bind configuration with regard to dnssec: dnssec-enable yes;

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message <500978a5.4070...@imperial.ac.uk>, Phil Mayers writes: > On 20/07/12 16:21, Mark Andrews wrote: > > > > In message <50096c2b.1080...@interlinx.bc.ca>, "Brian J. Murrell" writes: > >> Just for good measure, since I think I have posted this before, but here > >> are the options I have set

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 11:40 AM, Mark Andrews wrote: > > In message <500978a5.4070...@imperial.ac.uk>, Phil Mayers writes: >> On 20/07/12 16:21, Mark Andrews wrote: >>> >>> In message <50096c2b.1080...@interlinx.bc.ca>, "Brian J. Murrell" writes: Just for good measure, since I think I have posted this b

Error: already exists previous definition

2012-07-20 Thread Active Venture - Tom
Hi We are getting a lot of errors like the following from our BIND 9 servers (9.5.1.1): 20-Jul-2012 15:26:40.181 config: error: /var/named/etc/namedb/conf/zone_0.conf:1529: zone 'x.net': already exists previous definition: /var/named/etc/namedb/conf/zone_0.conf:1529 20-Jul-2012 15:26:46

Re: Error: already exists previous definition

2012-07-20 Thread Tony Finch
On 20 Jul 2012, at 21:40, Active Venture - Tom wrote: > > 20-Jul-2012 15:26:40.181 config: error: > /var/named/etc/namedb/conf/zone_0.conf:1529: zone 'x.net': already exists > previous definition: /var/named/etc/namedb/conf/zone_0.conf:1529 > 20-Jul-2012 15:26:46.270 general: error: reloadi

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message <500985c0.3000...@interlinx.bc.ca>, "Brian J. Murrell" writes: > On 12-07-20 11:40 AM, Mark Andrews wrote: > > > > In message <500978a5.4070...@imperial.ac.uk>, Phil Mayers writes: > >> On 20/07/12 16:21, Mark Andrews wrote: > >>> > >>> In message <50096c2b.1080...@interlinx.bc.ca>,

Re: Error: already exists previous definition

2012-07-20 Thread Mark Andrews
In message <20120720204053.43b5615e...@da1.active-domain.com>, Active Venture - Tom writes: > Hi > > We are getting a lot of errors like the following from our BIND 9 > servers (9.5.1.1): 9.5.1 has known security flaws and was end-of-lifed several years ago. > 20-Jul-2012 15:26:40.181 config

Re: Problem with DNSSEC signing zone

2012-07-20 Thread Doug Barton
On 07/20/2012 07:05, Casey Deccio wrote: > On Fri, Jul 20, 2012 at 2:52 AM, William Thierry SAMEN > <thierry.sa...@gmail.com> wrote: > > i just have a problem with my zone signing output i made all the > steps to obtain a good result. > > ... > > my zone name is *willzik.co.uk