NSEC.
W
On Wed, Jan 14, 2015 at 5:12 PM, Stuart Browne
wrote:
>> Unfortunately we can't sign the fictional TLD, since we are neither master
>> nor slave of the zone.
>> We are just forwarding our queries to a foreign authorative Server.
>>
>> Grüße,
>> Stefan
>
> If the zone isn't signed, it shou
> Unfortunately we can't sign the fictional TLD, since we are neither master
> nor slave of the zone.
> We are just forwarding our queries to a foreign authorative Server.
>
> Grüße,
> Stefan
If the zone isn't signed, it shouldn't be trying to validate it as there's
nothing to validate. Unless
Perhaps if you explained a little more clearly what you are trying to
accomplish you might get more replies...
What are "invalid DNS queries"? What are they in the configuration?
On Wed, Jan 14, 2015 at 5:53 AM, Daniel Dawalibi
wrote:
> Hello,
>
>
>
>
>
> Is there any solution to drop the inval
Hello,
Is there any solution to drop the invalid DNS queries from the BIND
configuration?
Regards
Daniel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-us
Hi Daniel,
> You may also try to disable all DNSSEC algorithms for a zone:
> https://lists.dns-oarc.net/pipermail/dns-operations/2014-October/012282.html
>
> Regards,
> Daniel
Also a nice idea for a workaround :) But it did not work for me.
This is what I tried:
Options {
>> Our customer uses a fictional Toplevel Domain[...]
>
> Can you flip the problem on its head, by signing the fictional TLD and
> deploying managed-keys (or trusted-keys) on the validating resolvers?
>
> Graham
Unfortunately we can't sign the fictional TLD, since we are neither master nor
slave
On 14/01/2015 09:34, stefan.las...@t-systems.com wrote:
> Our customer uses a fictional Toplevel Domain[...]
Can you flip the problem on its head, by signing the fictional TLD and
deploying managed-keys (or trusted-keys) on the validating resolvers?
Graham
___
Hi Chris,
> While you wait for this to become generally available, you can do what I like
> to do for my customers: Use two layers of recursive DNS servers. The first
> layer takes queries from clients, knows about your insecure domains
> (through stub zones, slave zones, or conditional forwardi
Hm... In our case a short lifespan won't be enough.
Our customer uses a fictional Toplevel Domain and migrating the whole
Infrastructure to a new, proper Domain will take him months if not years.
They'll have to adjust every DNS Config of every Server, every Webservice they
have running interna
On Jan 13, 2015, at 2:35 AM, stefan.las...@t-systems.com wrote:
> I'm just wondering, is an option like unbound's "domain-insecure"
> intentionally not implemented in in BIND? Or did just nobody care
> enough to implement it yet?
I have resisted implementing it because it's too easy for an operato
10 matches
Mail list logo
