In message , Alexander Gurvitz writes:
> Is there any practical difference between the following two:
>
> 1.
> example.com. NS ns1.example.com.
> example.com. NS ns2.example.com.
> ns1.example.com. A 1.1.1.1
> ns2.example.com. A 1.1.1.2
>
> 2.
> example.com. NS ns.example.com.
> ns.example.com.
In message , Tony Finch writes:
> Vernon Schryver wrote:
> >
> > How does a secondary authoritative DNS server fail to support DNSSEC?
>
> A security-aware authoritative server has to support:
>
> * EDNS0 and DO
> * RRSIG records alongside the RRsets they cover in responses
> * Special logic f
I have used Gratisdns.dk for years with no issue. If you buy the domains
through them, they will even remind you in good time to renew ;-)
And you can't beat the price for DNS - I have never been bothered with
advertisements from them.
On 17/02/13 19:10, Tony Finch wrote:
> Robert Moskowitz wrote
On 02/17/2013 12:43 PM, Evan Hunt wrote:
Should I put a single entry for my /48 allocation or 16 /64 entries for
the nets I am currently using?
Both ways work.
Does it make any difference for performance?
Possibly, but I doubt you could measure it. (Unless you're using a
really ancient versio
Robert Moskowitz wrote:
>
> One of my secondaries, though, does not support DNSSEC and it is the one that
> gives me a bit of geographical diversity. So I am looking for someplace that
> will accept my smallish domains.
Have a look at https://web.gratisdns.dk - Danish only, but that's not too
mu
Vernon Schryver wrote:
>
> How does a secondary authoritative DNS server fail to support DNSSEC?
A security-aware authoritative server has to support:
* EDNS0 and DO
* RRSIG records alongside the RRsets they cover in responses
* Special logic for DS in parent zones
* NSEC or NSEC3 in negative an
> Should I put a single entry for my /48 allocation or 16 /64 entries for
> the nets I am currently using?
Both ways work.
> Does it make any difference for performance?
Possibly, but I doubt you could measure it. (Unless you're using a
really ancient version of BIND, in which case the shorter l
On 02/17/2013 12:11 PM, Vernon Schryver wrote:
From: Robert Moskowitz
The Redhat docs on bind had a warning about not implementing features,
like DNSSEC if your secondaries don't support it. That is all I am
going on. I think I also saw it in some isc.org doc.
In your position, I'd publish
On 02/17/2013 11:48 AM, Vernon Schryver wrote:
From: David Forrest
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a "free" service.
Services that do not charge users money are often not really free.
This is my concern in coming out and
> From: Robert Moskowitz
> The Redhat docs on bind had a warning about not implementing features,
> like DNSSEC if your secondaries don't support it. That is all I am
> going on. I think I also saw it in some isc.org doc.
In your position, I'd publish the RRSIG and NSEC* records (i.e. sign
> From: David Forrest
> > In any case, some naming and shaming seems appropriate. Basic
>
> Naming and shaming seems excessive for a "free" service.
Services that do not charge users money are often not really free.
That this case might cost security instead of eyeballs should not
exempt it fro
On 02/17/2013 09:44 AM, Vernon Schryver wrote:
From: Robert Moskowitz
One of my secondaries, though, does not support DNSSEC
How does a secondary authoritative DNS server fail to support DNSSEC?
It's not as if it would be doing any signature checking or automagic
(re)signing. Does it not tole
On 02/17/2013 09:57 AM, David Forrest wrote:
On Sun, 17 Feb 2013, Vernon Schryver wrote:
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a "free" service.
Just like I am FINALLY moving to DNSSEC, the fellow running the system I
have be
On Sun, 17 Feb 2013, Vernon Schryver wrote:
In any case, some naming and shaming seems appropriate. Basic
Naming and shaming seems excessive for a "free" service.
Dave
--
David Forrest St. Louis, Missouri
___
Please visit https://lists.isc.org/mai
> From: Robert Moskowitz
> One of my secondaries, though, does not support DNSSEC
How does a secondary authoritative DNS server fail to support DNSSEC?
It's not as if it would be doing any signature checking or automagic
(re)signing. Does it not tolerate the not at all new RRSIG and
NSEC or NS
Is there any practical difference between the following two:
1.
example.com. NS ns1.example.com.
example.com. NS ns2.example.com.
ns1.example.com. A 1.1.1.1
ns2.example.com. A 1.1.1.2
2.
example.com. NS ns.example.com.
ns.example.com. A 1.1.1.1
ns.example.com. A 1.1.1.2
Is there any possible dif
https://puck.nether.net/dns/login
--
Bryan S.G.
On 17 February 2013 20:40, Robert Moskowitz wrote:
> I hope to roll out my DNS upgrade today, but without enabling DNSSEC; that
> will take a bit longer.
>
> One of my secondaries, though, does not support DNSSEC and it is the one
> that gives me
Hi Robert..
You can try using my DNS project..
http://manage.dnssocial.com
http://www.dnssocial.com
http://manage.dnssocial.com/gdrive
Please click "add slave server" button. TQ
FYI, we have also already come out with an appliance version.
"If someone feels that they had never made a mistake in their l
I hope to roll out my DNS upgrade today, but without enabling DNSSEC;
that will take a bit longer.
One of my secondaries, though, does not support DNSSEC and it is the one
that gives me a bit of geographical diversity. So I am looking for
someplace that will accept my smallish domains.
than