SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Malcolm Scott
Dear all, I've been using SIG(0) successfully for some years to deal with Let's Encrypt dns-01 challenge/response. Clients use dnssec-keygen to make themselves an RSASHA512 key pair; I manually add that once during setup as a KEY record to the zone using local nsupdate on the primary NS; then cl

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Malcolm Scott
On Tue, 5 Nov 2024, Robert Wagner wrote: Crypto question - You mention using RSASHA512, but the record shows ed25519 (elliptic curve) crypto. Any chance you can standardize on one or the other (RSA or ECC)? This may not be an issue, but it seems odd. That's a fair question. Those choices we

Re: SIG(0) "request has invalid signature: not verified yet (NOERROR)"

2024-11-05 Thread Malcolm Scott
On Tue, 5 Nov 2024, Malcolm Scott wrote: Regardless I'll try adjusting the algorithm choice in case it does make a difference. So far I can report that using an ECDSAP384SHA384 key for the SIG(0) still encounters the same failure mode. (For tedious reasons the client I chose to test

Re: debsuryorg-archive-keyring

2025-02-13 Thread Malcolm Scott via bind-users
On Thu, 13 Feb 2025, at 16:54, Petr Špaček wrote:
>> [1] https://gitlab.isc.org/isc-projects/bind9/-/issues/5050
>
> BTW you can expedite fixing it if you test code changes in
> https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/9967
> and provide feedback.
Aha -- I had missed that -- I wi

Re: debsuryorg-archive-keyring

2025-02-13 Thread Malcolm Scott via bind-users
tside your normal working hours. On 13. 2. 2025, at 16:57, Malcolm Scott via bind-users wrote: Hi all, With apologies if this is a FAQ: why do the ISC BIND packages for Ubuntu, linked from https://kb.isc.org/docs/isc-packages-for-bind-9 and published at https://launchpad.net/~isc/+archi

debsuryorg-archive-keyring

2025-02-13 Thread Malcolm Scott via bind-users
Hi all, With apologies if this is a FAQ: why do the ISC BIND packages for Ubuntu, linked from https://kb.isc.org/docs/isc-packages-for-bind-9 and published at https://launchpad.net/~isc/+archive/ubuntu/bind, depend on debsuryorg-archive-keyring? That package makes Apt trust a key for an enti