On 02/06/2013 12:56 AM, Doug Barton wrote:
I do the following as an example:
nsupdate -d
server
zone test.net
update add subzone.test.net IN DS 34845 7 1
325AA7B83FAC7DB621678EB2FB9035B51A0A504F
I don't think this makes sense. Shouldn't you have a proper zone for
subzone.test.net? What
Precisely !
That is why one of the sanity checks is if NS records exist at all.
If not, no DS records will be added.
And reversely : if all NS records are removed, any DS record will be
removed as well.
Just as Mark Andrews indicated.
Kind regards,
Marc Lampo
On Wed, Feb 6, 2013 at 9:59 AM, P
Of course.
Thank you.
--
Jack Tavares
"How many more can we sell with this button?"
From: Mark Andrews [ma...@isc.org]
Sent: Tuesday, February 05, 2013 19:58
To: Andrew Latham
Cc: Jack Tavares; bind-us...@isc.org
Subject: Re: adding DS record via nsupdate
On 02/06/2013 12:59 AM, Phil Mayers wrote:
On 02/06/2013 12:56 AM, Doug Barton wrote:
I do the following as an example:
nsupdate -d
server
zone test.net
update add subzone.test.net IN DS 34845 7 1
325AA7B83FAC7DB621678EB2FB9035B51A0A504F
I don't think this makes sense. Shouldn't you ha
Recently noticed that for 2 nameservers ns1.tbd.com and ns2.tbd.com (names are
changed to protect the innocent) the first nameserver consistently receives
twice as many queries as the 2nd nameserver.
Who can tell me why queries are distributed this way?
Any ideas?
I assume it's something rel
On Wed, Feb 6, 2013 at 11:32 AM, M. Meadows wrote:
>
> Recently noticed that for 2 nameservers ns1.tbd.com and ns2.tbd.com(names are
> changed to protect the innocent) the first nameserver
> consistently receives twice as many queries as the 2nd nameserver.
> Who can tell me why queries are dist
] from Augie Schwer
] Is there a way to exclude a domain from DNSSEC validation, like
] Unbound's "domain-insecure"?
Unless you start at the root with your own forged root trust anchor,
you cannot do more than lie to DNS clients that rely on you to
validate. DNS clients that do their own validat
Are these authoritative nameservers or resolving DNS servers?
If the latter, its probably because everybody has resolv.conf's listing
ns1.tbd.com first and ns2.tbd.com second.
We used to have 3 recursive/caching servers x.x.x.2, x.x.x.3, x.x.x.4.
x.x.x.2 would get heavily used , with the
In message <201302062107.r16l7f9b066...@calcite.rhyolite.com>, Vernon Schryver
>
> All of that gets back to honesty being the best policy and letting other
> people fix their own stuff in their own time.
And the more people that validate the bigger the peer presure will
be to fix dnssec problem
> From: Mark Andrews
> > All of that gets back to honesty being the best policy and letting other
> > people fix their own stuff in their own time.
>
> And the more people that validate the bigger the peer presure will
> be to fix dnssec problems promptly. However to do that you need
> working w
In message <201302070048.r170mosg004...@calcite.rhyolite.com>, Vernon Schryver
writes:
> My view is that if an outfit has so few other users that it doesn't
> hear when things breaks and doesn't care enough to monitor, then it's
> not worth my time to be a pest. By time I notice a problem with a
11 matches
Mail list logo
