On 10/01/11 04:54, Bill Owens wrote:
On Fri, Sep 30, 2011 at 10:26:34PM +, Raymond Drew Walker wrote:
In our initial implementation of DNSSEC, we chose to try out the
"auto" functionalities in version 9.8.0 P4 ie. using "auto-dnssec
maintain" in all master zones.
When going live, we found t
On 10/01/2011 04:40 AM, Matthew Seaman wrote:
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key r
On Fri, Sep 30, 2011 at 10:26:34PM +, Raymond Drew Walker wrote:
> In our initial implementation of DNSSEC, we chose to try out the "auto"
> functionalities in version 9.8.0 P4 ie. using "auto-dnssec maintain" in
> all master zones.
>
> When going live, we found that though all zones that we a
On 01/10/2011 09:25, CT wrote:
>
>> I have a few static zones that I sign via script
>> keydir = directory for both KSK and ZSK
>> $zone = zone file
>> /usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
>>
>>
>> Fetching KSK 4054/RSASHA256 from key repository.
>> Fetching ZSK
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK 653
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK 65304
On Fri, Sep 30, 2011 at 6:16 PM, Hauke Lampe wrote:
> Aside from the missing DS, I don't see why BIND complains about the
> NXDOMAIN response at first and then returns that cached record set in
> response to later queries for the same name. dig +sigchase validates it,
> if provided with the nau.e
7 matches
Mail list logo