Re: KSK signing incomplete

2014-05-21 Thread Klaus Darilion
> Further, I see that sometimes there are no private records at all. When
> does this happen? (I never called "rndc signing -clear")

It seems that this happens when Bind is restarted.

So, what is the suggested (and reliable) way for external tools to get the signing status from Bind? I.e. if a k

Re: KSK signing incomplete

2014-05-21 Thread Phil Mayers
On 21 May 2014 10:24:23 BST, Klaus Darilion wrote:
>> Further, I see that sometimes there are no private records at all.
>When
>> does this happen? (I never called "rndc signing -clear")
>
>It seems that this happens when Bind is restarted.
>
>So, what is the suggested (and reliable) way for ext

Re: KSK signing incomplete

2014-05-21 Thread Klaus Darilion
On 21.05.2014 12:39, Phil Mayers wrote:
> On 21 May 2014 10:24:23 BST, Klaus Darilion
> wrote:
>>> Further, I see that sometimes there are no private records at all.
>> When
>>> does this happen? (I never called "rndc signing -clear")
>>
>> It seems that this happens when Bind is restarted.
>>

Handling of expired RRSIG records - ise.gov

2014-05-21 Thread Simon Waters
Dear Bind Users,

BIND 9 logs report: RRSIG has expired for "www.ise.gov"

And "no valid signature found" for "ise.gov A".

Yet I can still resolve and visit the website http://ise.gov/

DNS recursive server has:

dnssec-validation yes;
dnssec-enable yes;
dnssec-accept-expired

Re: Handling of expired RRSIG records - ise.gov

2014-05-21 Thread Stephane Bortzmeyer
On Wed, May 21, 2014 at 12:56:32PM +0100, Simon Waters wrote a message of 58 lines which said:

> BIND 9 logs report: RRSIG has expired for "www.ise.gov"

Indeed.

www.ise.gov. 43200 IN RRSIG CNAME 5 3 43200 ( 20140513120652 20140413120652

Re: Handling of expired RRSIG records - ise.gov

2014-05-21 Thread Simon Waters
On 21 May 2014, at 13:01, Stephane Bortzmeyer wrote:

> Probably because there is no DS record for ise.gov, which prevents the
> validator to try.

Thanks, and indeed no DS in .gov, knew I was missing something basic.

Re: Handling of expired RRSIG records - ise.gov

2014-05-21 Thread Mark Andrews
There is no DS record for ise.gov so there is no chain of trust and the answer is treated as insecure. Note "ad" is *not* set in flags of your query.

; <<>> DiG 9.11.0pre-alpha <<>> ds ise.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45170
;; fla