Subject: RE: BIND, DNSSEC & AD
Marc Lampo wrote:
>
> you are aware that Windows DNS service understands DNSSEC algorithm 5
> (RSA/SHA-1 – NSEC) at most ?
Carsten Strotmann's post says Windows Server 2012 fixes this limitation
http://strotmann.de/roller
Marc Lampo wrote:
>
> you are aware that Windows DNS service understands DNSSEC algorithm 5
> (RSA/SHA-1 – NSEC) at most ?
Carsten Strotmann's post says Windows Server 2012 fixes this limitation
http://strotmann.de/roller/dnsworkshop/entry/dnssec_validation_in_microsoft_dns
Tony.
--
f.anthony.n
Officer
EURid (for .eu)
From: John Williams [mailto:john.1...@yahoo.com]
Sent: 29 June 2012 04:53 PM
To: Marc Lampo; bind-users@lists.isc.org
Subject: Re: BIND, DNSSEC & AD
The purpose behind this is not to protect the internal AD DNS from
hijacking. But rather to allow internal clients to
If you don't want to run named on Windows, it supports dynamic updates with
GSS-TSIG + DNSSEC.
In message <4feed285.7060...@strotmann.de>, "Carsten Strotmann (private)"
writes:
> Hello John,
>
> On 6/29/12 4:52 PM, John Williams wrote:
> > The purpose behind this is not to protect the internal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello John,
On 6/29/12 4:52 PM, John Williams wrote:
> The purpose behind this is not to protect the internal AD DNS from
> hijacking. But rather to allow internal clients to run DNSSEC
> related queries without having to reference external resolver
will
not allow that. That would be ideal though.
Thanks,
JT
From: Marc Lampo
To: 'John Williams' ; bind-users@lists.isc.org
Sent: Friday, June 29, 2012 3:07 AM
Subject: RE: BIND, DNSSEC & AD
Hello,
(not a Bind related question !)
Last ti
Hello JT,
I'm currently working on integrating MS DNSSEC (on Windows 2012) and
BIND here @ Men & Mice for another customer.
I might have a solution for you, but I need more detail information about
your setup. I will contact you by E-Mail on Monday (I hope that is not too
late).
-- Carsten
lausible attack vector for
hackers ?
Kind regards,
Marc Lampo
Security Officer
EURid (for .eu)
From: John Williams [mailto:john.1...@yahoo.com]
Sent: 28 June 2012 10:35 PM
To: bind-users@lists.isc.org
Subject: BIND, DNSSEC & AD
I have an environment that hosts a BIND based int
I have an environment that hosts a BIND based internet facing domain, call it
abc.com. I also have an internal Active Directory instance that hosts a MS
based DNS instance called abc.com as well. Everything works fine until we
decided to implement DNSSEC on Active Directory.
Here is my questi
9 matches
Mail list logo