Thanks.
But in case with `nsupdate` - yes, this is unsigning/signing case, which I
would like to avoid.
As for second variant - unfortunately I don't know how to edit manually TTL
in the signed (not raw) master file.
Kind regards,
Aleks Ostapenko
___
P
Aleks Ostapenko wrote:
> As for second variant - unfortunately I don't know how to edit manually TTL
> in the signed (not raw) master file.
(1) Use `rndc freeze` which makes `named` rewrite the zone file with all
pending changes from the journal, and makes it stop making further changes
to the z
Hi,
bind 9.10.3_p4 with this global option:
forward first;
forwarders {
8.8.8.8;
};
If i dig from localhost or any client and 8.8.8.8 answers all is ok but
if 8.8.8.8 is unreachable or it doesn't respond, bind doesn't fallback
on himslef asking to root server etc .
This is not expected.
Anyo
Tony Finch schrieb am 23.08.16 um 10:45:15 Uhr:
> Aleks Ostapenko wrote:
>
> > As for second variant - unfortunately I don't know how to edit manually TTL
> > in the signed (not raw) master file.
>
> (1) Use `rndc freeze` which makes `named` rewrite the zone file with all
> pending changes f
Hi,
In the past, when I have had a requirement to bring a slave zone into our
environment; I created a slave zone on my master(s) (defining the external
nameserver as a master) and then created slave zones on my slaves using *my*
master as a master (not the master outside of my environment). T
Baird, Josh wrote:
>
> In the past, when I have had a requirement to bring a slave zone into
> our environment; I created a slave zone on my master(s) (defining the
> external nameserver as a master) and then created slave zones on my
> slaves using *my* master as a master (not the master outside
Hello!
Do I need to create keys first when I create a new zone and
use inline signing or is keycreation done by named?
Regards
Andreas
pgpTqth4sBZkE.pgp
Description: Digitale Signatur von OpenPGP
___
Please visit https://lists.isc.org/mailman/listi
Andreas Meyer wrote:
>
> Do I need to create keys first when I create a new zone and
> use inline signing or is keycreation done by named?
named does not create keys for you, but have a look at dnssec-keymgr in
BIND 9.11
Tony.
--
f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode
Fai
Look in your logs at the time of named startup to see if your root-server
priming failed at that time.
- kevin
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.is
>From an InfoSec standpoint, of course one would prefer to use cryptographic
>methods of securing DNS data, but, in the absence of that, slaving could,
>arguably, be considered more secure than forwarding, in the sense that
>forwarding usually generates more network transactions, over time, for
In message <844475874024407090c1c2e9d5718...@mxph4chrw.fgremc.it>, "Darcy Kevin
(FCA)" writes:
> From an InfoSec standpoint, of course one would prefer to use
> cryptographic methods of securing DNS data, but, in the absence of that,
> slaving could, arguably, be considered more secure than forwa
11 matches
Mail list logo
