Re: [dns-operations] OARC's DNS Reply Size Test Server is not EDNS compliant

2014-12-23 Thread Mark Andrews
In message <0e2a12fc-3b99-4486-bc89-ac12097eb...@linkedin.com>, Franck Martin writes: > On Dec 15, 2014, at 1:34 PM, Keith Mitchell wrote: > > > On 12/14/2014 11:45 AM, Keith Mitchell wrote: > >> On 12/13/2014 04:30 PM, Mark Andrews wrote: > >>> > >>> OARC's DNS Reply Size Test Server is not EDN

Re: [dns-operations] OARC's DNS Reply Size Test Server is not EDNS compliant

2014-12-23 Thread Franck Martin
On Dec 15, 2014, at 1:34 PM, Keith Mitchell wrote: > On 12/14/2014 11:45 AM, Keith Mitchell wrote: >> On 12/13/2014 04:30 PM, Mark Andrews wrote: >>> >>> OARC's DNS Reply Size Test Server is not EDNS compliant. It does >>> not return an OPT record to EDNS requests. This causes named from >>>

Re: [dns-operations] Test on Priming Behavior

2014-12-23 Thread Mark Andrews
In message <21657.50339.776956.915...@tale.kendall.corp.akamai.com>, David C Lawrence writes: > Paul Hoffman writes: > > That is, is there really a reason for starting the cache > > with a query for ". IN NS" instead of just "whatever IN A"? > > You get a current list of the root servers instead

Re: [dns-operations] Test on Priming Behavior

2014-12-23 Thread David C Lawrence
Paul Hoffman writes: > That is, is there really a reason for starting the cache > with a query for ". IN NS" instead of just "whatever IN A"? You get a current list of the root servers instead of the list of the whatever servers?

Re: [dns-operations] Test on Priming Behavior

2014-12-23 Thread Paul Hoffman
On Dec 23, 2014, at 2:43 AM, Tony Finch wrote: > > Davey Song wrote: >> >> But I do not find any specification on the priming process of resolver, > > There is a draft > http://tools.ietf.org/html/draft-ietf-dnsop-resolver-priming That long-expired draft says: A priming query SHOULD use

Re: [dns-operations] What is the exact response?

2014-12-23 Thread Maciej Andziński
Hi, For ROOT and .com zones only KSK is used for DNSKEY RR set signing whereas comcast.com DNSKEY RR set is signed by both KSK and ZSK. Best regards, Maciej Andziński - Original message - > Dear friends: > When the resolver sends the DNSKEY RR query, irrespective of keyrollover

Re: [dns-operations] What is the exact response?

2014-12-23 Thread Mark Andrews
In message , "scottjiang1...@hotmail.com" writes: > Dear friends: > When the resolver sends the DNSKEY RR query, irrespective of keyrollover > period, I think the response message should reply a KSK, a ZSK and a > RRSIG(DNSKEY). Well you are mistaken. Assuming there is a DNSKEY RRset, you can

Re: [dns-operations] What is the exact response?

2014-12-23 Thread Stephane Bortzmeyer
On Tue, Dec 23, 2014 at 03:52:19PM +0800, scottjiang1...@hotmail.com wrote a message of 284 lines which said: > When the resolver sends the DNSKEY RR query, irrespective of > keyrollover period, I think the response message should reply a KSK, > a ZSK No. Nothing in DNSSEC says you must have

[dns-operations] What is the exact response?

2014-12-23 Thread scottjiang1...@hotmail.com
Dear friends: When the resolver sends the DNSKEY RR query, irrespective of keyrollover period, I think the response message should reply a KSK, a ZSK and a RRSIG(DNSKEY). However, when I capture the package with tcpdump, the response message is unanticipated. I get the response with one KSK, tw

[dns-operations] Test on Priming Behavior

2014-12-23 Thread 宋林健
Hi folks, I am doing a test on priming exchange from different DNS software and find something weird. BIND (v9.8.1, v9.9.4, v9.10.1) would send NS query and a query simultaneously rather than wait until NS query get answered. PowerDNS (v3.3) will not do any NS query but query base on the content

Re: [dns-operations] DNSSEC on host listed in MNAME

2014-12-23 Thread Peter Koch
Hi Alex, > i've been trying to find guidance whether or not the host listed in the MNAME > field of the SOA record is required to have the respective zone signed (when > it is signed on the authoritative servers, and a secure delegation exists at > the parent)? I understand the MNAME host is no

Re: [dns-operations] Test on Priming Behavior

2014-12-23 Thread Davey Song
I guess that might be because I don't wipe out the cache rightly. I use "rec_control wipe-cache ." to wipe out the cache for root server. Will this clear the cache rightly? On Tue, Dec 23, 2014 at 3:38 PM, bert hubert wrote: > On Tue, Dec 23, 2014 at 11:08:39AM +0800, Davey Song wrote: > > I

Re: [dns-operations] Test on Priming Behavior

2014-12-23 Thread Tony Finch
Davey Song wrote: > > But I do not find any specification on the priming process of resolver, There is a draft http://tools.ietf.org/html/draft-ietf-dnsop-resolver-priming Tony. -- f.anthony.n.finch http://dotat.at/ Portland, Plymouth: Southwest 5 to 7. Rough or very rough. Occasional drizz

Re: [dns-operations] DNSSEC on host listed in MNAME

2014-12-23 Thread Tony Finch
Alexander Mayrhofer wrote: > > i've been trying to find guidance whether or not the host listed in the > MNAME field of the SOA record is required to have the respective zone > signed (when it is signed on the authoritative servers, and a secure > delegation exists at the parent)? I believe it is

Re: [dns-operations] Test on Priming Behavior

2014-12-23 Thread Davey Song
Thanks for your comment, Mark. Yes, I know it's OK, because the NS RRset and Glue of root server rarely change. But I do not find any specification on the priming process of resolver, so I do the test and post on the mailing list hoping to discuss and find how priming works in implementations an

[dns-operations] DNSSEC on host listed in MNAME

2014-12-23 Thread Alexander Mayrhofer
Hi, i've been trying to find guidance whether or not the host listed in the MNAME field of the SOA record is required to have the respective zone signed (when it is signed on the authoritative servers, and a secure delegation exists at the parent)? I understand the MNAME host is not queried und