In the process of setting up a new domain I noticed that some existing domains
are logging an error into /var/log/messages
domain.tld.signed:120: signature has expired
Each domain that is expired shows the same :120
The lines in question do refer to old ALG-7 signatures but shouldn’t those go
I have a domain that I host DNS and email for, but not web. I set the A record
for www.example.com to the IP of the web server with nsupdate, removing the old
CNAME that pointed to the local webserver, but the web monkey for the new
website is saying that www has to be a CNAME and the @ record
On 30 May 2021, at 12:23, Grant Taylor via bind-users
wrote:
> On 5/30/21 9:24 AM, Richard T.A. Neal wrote:
>> I spent a little time this weekend setting-up BIND 9.17.13 on Ubuntu 21.04
>> and configuring the system as a recursive resolver offering DNS over HTTPS
>> using a LetsEncrypt
Does anyone know the syntax for using purge-keys in 9.16.13? I've searched and all
I can find is notes that it was added. I've tried a couple of things, but I am
shooting in the dark. I cannot redefine the "default" policy as that gives an
error and simply putting "purge-keys P90D;" or
I am getting the following warning:
The following NS name(s) were found in the authoritative NS RRset, but not in
the delegation NS RRset (i.e., in the com zone): (a DNS server)
The DNS server exists and is used by other domains, so this is something
specific to this one domain and not to the
In named.conf I have
dnssec-enable yes;
dnssec-validation auto;
# rndc managed-keys status
view: _default
next scheduled event: Sun, 05 Jul 2020 20:43:00 GMT
name: .
keyid: 20326
algorithm: RSASHA256
flags: SEP
next refresh: Sun, 05 Jul 2020
What is the proper syntax for changing the TTL on a zone with nsupdate?
Does the existence of $TTL 86400 in the domain.conf file override nsupdate’s
attempts to change the TTL?
# nsupdate -k /path/to/key
> zone example.com
> ttl 3600
> send
> ^d
No errors, but no change in the TTL.
--
"I
On 23 Feb 2020, at 07:57, @lbutlr wrote:
> (9.11.6 should be coming really soon)
9.11.16, and I appear to be behind a touch, it is already released.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
On 22 Feb 2019, at 09:54, Tony Finch wrote:
> You might want a config like
>
> zone "example.com" {
> type master;
> file "master/example.com";
Not example.com.signed?
> update-policy local;
> auto-dnssec maintain;
>
On 21 Feb 2019, at 20:43, Grant Taylor via bind-users
wrote:
>
> On 2/21/19 6:28 PM, @lbutlr wrote:
>> rndc reload did not recreate (or at least update the time stamp) on the
>> .signed file.
>
> Hum. Maybe it's something different about how you're doing DNSSEC than I am.
>
> I have BIND
On 21 Feb 2019, at 18:28, @lbutlr wrote:
> Is the original random key that was generated at the time of signing kept
> somewhere? NSEC3 seems to contain a 16 character hex string that recurs
> throughout the file.
OK, I moved aside the signed file, resigned the domain using the 16 character
> On 21 Feb 2019, at 13:41, Grant Taylor via bind-users
> wrote:
>
> On 02/21/2019 01:34 PM, @lbutlr via bind-users wrote:
>> I edited a zone file after issuing a rndc freeze command, added two new sub
>> zones, changed the serial number, saved the file, and then
I edited a zone file after issuing a rndc freeze command, added two new sub
zones, changed the serial number, saved the file, and then did an rndc thaw.
In /var/log/messages I get
zone serial (2019020105) unchanged. zone may fail to transfer to slaves.
which is the previous serial number.
So,