Re: error (broken trust chain) resolving

2010-11-03 Thread Brian J. Murrell
Casey Deccio deccio.net> writes: > > This can happen in a number of different ways: If any RRSIGs in the > chain of trust are bogus, expired, or missing. If NSEC/NSEC3 records > are not provided or are insufficient to prove that no DS records exist > for an insecure delegation. If DS RRs do e

Re: error (broken trust chain) resolving

2010-11-03 Thread Casey Deccio
On Wed, Nov 3, 2010 at 4:44 AM, Brian J. Murrell wrote: > Casey Deccio deccio.net> writes: >> >> However, a broken chain means that the validating resolver expects a >> chain to exist, but the chain does not extend properly. > > How does a resolver come to this expectation?  What is happening tha

BIND - Declare variable?

2010-11-03 Thread Mike Cavanagh
I do not think this is possible, but would like to confirm. I would like to declare a variable, and then use that variable elsewhere within the named.conf file. I have multiple "channel" definitions with "file" options. I want a variable for the path so I can change it once and update all entr

Re: error (broken trust chain) resolving

2010-11-03 Thread Brian J. Murrell
Stephane Bortzmeyer nic.fr> writes: > > They are not name servers of sa-trusted.bondedsender.org: Damn. Yes, you are correct. I forgot it was sa-trusted.bondedsender.org. in our example and stopped at bondedsender.org. However going that one more sub-domain deeper and testing its NSes, the

Re: error (broken trust chain) resolving

2010-11-03 Thread Stephane Bortzmeyer
On Wed, Nov 03, 2010 at 04:00:48PM +, Brian J. Murrell wrote a message of 19 lines which said: > > Another possibility: sa-trusted.bondedsender.org is badly lame (none > > of the name servers reply), so it may trigger a bad error message from > > BIND. > > Both s0.rpdns.net. and s1.rpdns.

Re: error (broken trust chain) resolving

2010-11-03 Thread Brian J. Murrell
Stephane Bortzmeyer nic.fr> writes: > > Indeed. Your analysis seems right. May be you have somewhere another > trust anchor (for DLV ISC or directly for bondedsender.org?) Hrm. I'm not sure TBH. I know I didn't install any trust anchor specifically for bondedsender.org, but I do have "dnsse

Re: DNSSEC and Bind 9.3.6

2010-11-03 Thread Chris Thompson
On Nov 3 2010, Stephane Bortzmeyer wrote: On Wed, Nov 03, 2010 at 11:24:03AM -0200, alexan...@nautae.eti.br wrote a message of 31 lines which said: So, is that possible in any way to use DNSSEC with Bind 9.3.6? Yes. DNSSEC appeared in BIND 9.0. After a fashion. You really don't want to

Re: DNSSEC and Bind 9.3.6

2010-11-03 Thread Tony Finch
On Wed, 3 Nov 2010, Stephane Bortzmeyer wrote: > On Wed, Nov 03, 2010 at 11:24:03AM -0200, > alexan...@nautae.eti.br wrote > a message of 31 lines which said: > > > So, is that possible in any way to use DNSSEC with Bind 9.3.6? > > Yes. DNSSEC appeared in BIND 9.0. DNSSEC has changed a lot sinc

Re: DNSSEC and Bind 9.3.6

2010-11-03 Thread Stephane Bortzmeyer
On Wed, Nov 03, 2010 at 11:24:03AM -0200, alexan...@nautae.eti.br wrote a message of 31 lines which said: > So, is that possible in any way to use DNSSEC with Bind 9.3.6? Yes. DNSSEC appeared in BIND 9.0. > Is there any documentation to follow? The ARM. > What are the general important DNS

RE: DNSSEC and Bind 9.3.6

2010-11-03 Thread Lightner, Jeff
Some OSes provide an "official" BIND package and maintain it. (e.g. RHEL 5.x uses BIND 9.3.x). This package while initially based on 9.3 from ISC may have security and/or functionality updates backported into it from later versions of BIND. If you are using such an "official" package from your

DNSSEC and Bind 9.3.6

2010-11-03 Thread alexander
Hi. Some people here have said that the option 'managed-keys' only exists in the bind 9.7 version. That's ok, that's right, I'm going to upgrade my Bind. But at this time would be very nice if it would be possible to use DNSSEC with Bind 9.3.6 version, just to test some particular parameters he

Re: error (broken trust chain) resolving

2010-11-03 Thread Stephane Bortzmeyer
On Wed, Nov 03, 2010 at 11:44:18AM +, Brian J. Murrell wrote a message of 46 lines which said: > named error (broken trust chain) resolving '133.168.163.66.sa-trusted.bondedsender.org/TXT/IN': 173.45.100.146#53 > > Where/why does it break? Who is breaking it? I can see that > org.

Re: error (broken trust chain) resolving

2010-11-03 Thread Brian J. Murrell
Casey Deccio deccio.net> writes: > > There is a difference between a "broken" trust chain and a trust chain > that securely "ends" before reaching the name being queried. Ahhh. That makes sense. > However, a broken chain means that the validating resolver expects a > chain to exist, but the c
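Casey Deccio's two points in this thread, the list of conditions under which a resolver marks an answer bogus (bad, expired or missing RRSIGs; no NSEC/NSEC3 proof that a delegation has no DS; a DS that does not match any child DNSKEY) and the difference between a chain that is broken and one that securely ends, as an added example that is not part of the thread and not BIND's code. It is a toy chain-of-trust walker in Python: the zone names follow the query in the thread, but the keys, the DS digests, the NSEC records and the "now" timestamp are all constructed, and a SHA-256 over key material stands in for a real signature, so the script models the structure of validation rather than the cryptography.

```python
"""Toy DNSSEC chain-of-trust walker (constructed example, not BIND code).

A SHA-256 over key material plus an RRset label stands in for a signature,
so only the structure is modelled: anchor -> DS -> DNSKEY -> RRSIG, with a
signed NSEC as the proof that a delegation has no DS.
"""
import hashlib

NOW = 1288785600  # constructed "now": 2010-11-03 12:00 UTC, the thread's date


def _h(*parts):
    m = hashlib.sha256()
    for p in parts:
        m.update(p if isinstance(p, bytes) else p.encode())
    return m.hexdigest()


def ds_digest(zone, key):
    """Digest the parent publishes in its DS record for one child DNSKEY."""
    return _h(zone, key["material"])


def make_rrsig(rrset, key, inception=NOW - 86400, expiration=NOW + 86400):
    """Toy RRSIG: signer key tag, validity window, hash standing in for the signature."""
    return {"signer": key["tag"], "inception": inception, "expiration": expiration,
            "sig": _h(key["material"], rrset)}


def rrsig_valid(rrsig, rrset, dnskeys, now=NOW):
    """Check a toy RRSIG against keys already trusted; False if the signer is unknown."""
    for key in dnskeys:
        if key["tag"] == rrsig["signer"]:
            in_window = rrsig["inception"] <= now <= rrsig["expiration"]
            return in_window and _h(key["material"], rrset) == rrsig["sig"]
    return False


def validate(zones, trust_anchor, qname, rrtype, now=NOW):
    """Walk from the trust anchor down to qname and return (status, reason):
    'secure' (every link verified), 'insecure' (a signed NSEC proved there is
    no DS, so the chain ends cleanly) or 'bogus' (a link was expected but could
    not be followed: what BIND logs as 'broken trust chain')."""
    path = sorted((z for z in zones if z == "." or qname.endswith("." + z)), key=len)
    trusted_ds = {trust_anchor}
    for i, name in enumerate(path):
        z = zones[name]
        # A DNSKEY must match a DS (or the anchor) from above and sign the DNSKEY RRset.
        ksks = [k for k in z["dnskeys"] if ds_digest(name, k) in trusted_ds]
        if not ksks:
            return "bogus", f"no DNSKEY of {name} matches the DS in its parent"
        if not rrsig_valid(z["rrsigs"]["DNSKEY"], "DNSKEY", ksks, now):
            return "bogus", f"RRSIG over {name} DNSKEY invalid or outside its window"
        if i == len(path) - 1:
            break
        # At each cut the parent must give a signed DS, or a signed NSEC proving none.
        child = path[i + 1]
        if child in z["ds"]:
            if not rrsig_valid(z["rrsigs"]["DS " + child], "DS " + child, z["dnskeys"], now):
                return "bogus", f"RRSIG over DS {child} in {name} invalid"
            trusted_ds = set(z["ds"][child])
        elif child in z["nsec_no_ds"]:
            if not rrsig_valid(z["rrsigs"]["NSEC " + child], "NSEC " + child, z["dnskeys"], now):
                return "bogus", f"NSEC denying DS for {child} not properly signed"
            return "insecure", f"{name} proves no DS for {child}; chain ends securely"
        else:
            return "bogus", f"{name} gave neither DS nor NSEC for {child}"
    # Finally the answer RRset itself must be signed by the leaf zone.
    leaf, rrset = zones[path[-1]], f"{qname} {rrtype}"
    if rrset not in leaf["rrsigs"] or not rrsig_valid(leaf["rrsigs"][rrset], rrset, leaf["dnskeys"], now):
        return "bogus", f"RRSIG over {rrset} missing or invalid"
    return "secure", "every link from the trust anchor to the answer verified"


QNAME = "133.168.163.66.sa-trusted.bondedsender.org."  # the name from the thread
ZONES = [".", "org.", "bondedsender.org.", "sa-trusted.bondedsender.org."]


def build(variant):
    """Constructed zone data for QNAME under one of five conditions (all made up)."""
    keys = {n: {"tag": i + 1, "material": f"key-{n}".encode()} for i, n in enumerate(ZONES)}
    zones = {}
    for i, n in enumerate(ZONES):  # fully signed baseline: every cut has a signed DS
        zones[n] = {"dnskeys": [keys[n]], "ds": {}, "nsec_no_ds": set(),
                    "rrsigs": {"DNSKEY": make_rrsig("DNSKEY", keys[n])}}
        if i + 1 < len(ZONES):
            child = ZONES[i + 1]
            zones[n]["ds"][child] = [ds_digest(child, keys[child])]
            zones[n]["rrsigs"]["DS " + child] = make_rrsig("DS " + child, keys[n])
    leaf, rrset = zones[ZONES[-1]], f"{QNAME} TXT"
    leaf["rrsigs"][rrset] = make_rrsig(rrset, keys[ZONES[-1]])
    org, cut = zones["org."], "bondedsender.org."
    if variant in ("insecure", "no_proof"):  # org. publishes no DS for the cut ...
        del org["ds"][cut], org["rrsigs"]["DS " + cut]
    if variant == "insecure":  # ... and proves it with a signed NSEC
        org["nsec_no_ds"].add(cut)
        org["rrsigs"]["NSEC " + cut] = make_rrsig("NSEC " + cut, keys["org."])
    elif variant == "mismatched_ds":  # DS points at a key the child no longer serves
        org["ds"][cut] = [ds_digest(cut, {"tag": 99, "material": b"retired-key"})]
    elif variant == "expired":  # leaf RRSIG whose window closed yesterday
        leaf["rrsigs"][rrset] = make_rrsig(rrset, keys[ZONES[-1]], NOW - 7 * 86400, NOW - 86400)
    return zones, ds_digest(".", keys["."])


def status(variant):
    zones, anchor = build(variant)
    return validate(zones, anchor, QNAME, "TXT")[0]


if __name__ == "__main__":
    for v in ("secure", "insecure", "mismatched_ds", "expired", "no_proof"):
        print(f"{v:14s} {validate(*build(v), QNAME, 'TXT')}")
```

Running it prints one line per scenario. The contrast worth noting is "insecure" against "no_proof" and "mismatched_ds": in the first, org. answers with a signed NSEC and the resolver stops expecting signatures below that cut, so an unsigned bondedsender.org. resolves fine; in the others the resolver has a DS (or no proof that it should not have one) and every failure below that point is reported as bogus. A stale DS or a stale, zone-specific trust anchor produces exactly the same "bogus" as tampering does, which is why checking for an extra trust anchor (DLV or one configured directly for the zone), as suggested earlier in the thread, is the first thing to look at.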