RE: Setup a hidden master

2022-02-14 Thread Andrew Baker via bind-users
Thanks for the quick response and confirmation, Ondřej. You have helped take my paranoia levels down at least one notch! Andy Baker From: Ondřej Surý Sent: Tuesday, February 15, 2022 10:12 AM To: Andrew Baker Cc: bind-users@lists.isc.org Subject: Re: Setup a hidden master Hi, do both, or at

Re: Setup a hidden master

2022-02-14 Thread Mark Tinka
On 2/15/22 09:06, Andrew Baker via bind-users wrote: Dear List, We are based in the Middle East and manage a lot of domains across a lot of TLDs, including regional ones. Not all registrars are equal and the DNS services of several weren’t offering what we required. For a number of

Re: Setup a hidden master

2022-02-14 Thread Ondřej Surý
Hi, do both, or at least the firewall. But you absolutely must remove the hidden primary from the list of NS both in the parent and child zones. That’s the most important thing to do. Start with that, the rest is just additional layers. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours

Setup a hidden master

2022-02-14 Thread Andrew Baker via bind-users
Dear List, We are based in the Middle East and manage a lot of domains across a lot of TLDs, including regional ones. Not all registrars are equal and the DNS services of several weren't offering what we required. For a number of operational and political reasons, it was decided to set up a

Re: Changing ZSK-lifetime in dnssec-policy is not applied

2022-02-14 Thread Tom
Hi Matthijs Perfect, thank you for this information and clarifying this. Best regards, Tom On 14.02.22 09:59, Matthijs Mekking wrote: Hi Tom, The lifetime is applied to new keys, so when the ZSK is rolled the lifetime of the successor key should be 60 days. I have considered applying it

Re: Changing ZSK-lifetime in dnssec-policy is not applied

2022-02-14 Thread Matthijs Mekking
Hi Tom, The lifetime is applied to new keys, so when the ZSK is rolled the lifetime of the successor key should be 60 days. I have considered applying it to existing keys as well (and maybe we will some day), but there are a bunch of corner cases that make it non-trivial, especially when