In message <844475874024407090c1c2e9d5718...@mxph4chrw.fgremc.it>, "Darcy Kevin
(FCA)" writes:
> From an InfoSec standpoint, of course one would prefer to use
> cryptographic methods of securing DNS data, but, in the absence of that,
> slaving could, arguably, be considered more secure than forwa
>From an InfoSec standpoint, of course one would prefer to use cryptographic
>methods of securing DNS data, but, in the absence of that, slaving could,
>arguably, be considered more secure than forwarding, in the sense that
>forwarding usually generates more network transactions, over time, for
Look in your logs at the time of named startup to see if your root-server
priming failed at that time.
- kevin
-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.is
Andreas Meyer wrote:
>
> Do I need to create keys first when I create a new zone and
> use inline signing or is keycreation done by named?
named does not create keys for you, but have a look at dnssec-keymgr in
BIND 9.11
Tony.
--
f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode
Fai
Hello!
Do I need to create keys first when I create a new zone and
use inline signing or is keycreation done by named?
Regards
Andreas
pgpTqth4sBZkE.pgp
Description: Digitale Signatur von OpenPGP
___
Please visit https://lists.isc.org/mailman/listi
Baird, Josh wrote:
>
> In the past, when I have had a requirement to bring a slave zone into
> our environment; I created a slave zone on my master(s) (defining the
> external nameserver as a master) and then created slave zones on my
> slaves using *my* master as a master (not the master outside
Hi,
In the past, when I have had a requirement to bring a slave zone into our
environment; I created a slave zone on my master(s) (defining the external
nameserver as a master) and then created slave zones on my slaves using *my*
master as a master (not the master outside of my environment). T
Tony Finch schrieb am 23.08.16 um 10:45:15 Uhr:
> Aleks Ostapenko wrote:
>
> > As for second variant - unfortunately I don't know how to edit manually TTL
> > in the signed (not raw) master file.
>
> (1) Use `rndc freeze` which makes `named` rewrite the zone file with all
> pending changes f
Hi,
bind 9.10.3_p4 with this global option:
forward first;
forwarders {
8.8.8.8;
};
If i dig from localhost or any client and 8.8.8.8 answers all is ok but
if 8.8.8.8 is unreachable or it doesn't respond, bind doesn't fallback
on himslef asking to root server etc .
This is not expected.
Anyo
Aleks Ostapenko wrote:
> As for second variant - unfortunately I don't know how to edit manually TTL
> in the signed (not raw) master file.
(1) Use `rndc freeze` which makes `named` rewrite the zone file with all
pending changes from the journal, and makes it stop making further changes
to the z
Thanks.
But in case with `nsupdate` - yes, this is unsigning/signing case, which I
would like to avoid.
As for second variant - unfortunately I don't know how to edit manually TTL
in the signed (not raw) master file.
Kind regards,
Aleks Ostapenko
___
P
11 matches
Mail list logo