Re: BIND9 DNSSEC algorithm rollover for inline-signed zone

2016-10-10 Thread Tony Finch
Mark Andrews wrote: > Sebastian Wiesinger wrote: > > > > Thank you for explaining this for me. I was reading RFC6781, which I > > now realize is probably outdated in this regard so I was a bit > > confused. RFC 7583 (DNSSEC Key Rollover Timing) is also worth reading. > > > Once named has comple

Re: BIND9 DNSSEC algorithm rollover for inline-signed zone

2016-10-10 Thread Sebastian Wiesinger
* Tony Finch [2016-10-10 12:36]: > I thought the algorithm rollover process is required to be: introduce new > ZSK and KSK and sign the zone; wait for old records to expire; flip the DS > from old to new; wait for old DS to expire; delete old ZSK and KSK and > RRSIGs. A double-DS algorithm rollove

Re: BIND9 DNSSEC algorithm rollover for inline-signed zone

2016-10-10 Thread Jim Popovitch
On Mon, Oct 10, 2016 at 7:51 AM, Sebastian Wiesinger wrote: > > http://dnsviz.net/d/blau.beer/V_tTtQ/dnssec/ > > After the DS TTL expired I removed the old DS, so the zone now looks > like this: > > http://dnsviz.net/d/blau.beer/V_t2Hg/dnssec/ > TBH, the prior one looks cooler than the later. -J

forced to execute DNS64

2016-10-10 Thread LEE SUKMOON
Hello, all. Many clients query IPv6 (IN/) domains. But the IPv6 network is far, and so slower than the IPv4 network. I want to force DNS64 for a special domain. For example, the 'm.facebook.com' IN/ address is '2a03:2880:f115:83:face:b00c:0:25de'. But I don't want to use the IPv6 address. So I want to use

Re: forced to execute DNS64

2016-10-10 Thread Mark Andrews
DNS64 doesn't work like that. If you are having problems connecting over IPv6 contact your service provider. Facebook treats IPv6 as a production service and will deal with connectivity issues. If you want to force browsers to use IPv4 then send back RST to the connection attempts to reach the