Re: DNSSEC and upgrading/restoring

2014-02-04 Thread David Newman
On 2/2/14 5:39 AM, Tony Finch wrote:
> David Newman wrote:
>> On 1/31/14 10:35 AM, Tony Finch wrote:
>>> David Newman wrote: What action, if any, is needed?
>>>
>>> Does rndc sign make it wake up?
>>
>> Alas, no. There are a bunch of successful IXFR messages to slave servers
>> but the

Re: DNSSEC and upgrading/restoring

2014-02-02 Thread Tony Finch
David Newman wrote:
> On 1/31/14 10:35 AM, Tony Finch wrote:
> > David Newman wrote:
> >>
> >> What action, if any, is needed?
> >
> > Does rndc sign make it wake up?
>
> Alas, no. There are a bunch of successful IXFR messages to slave servers
> but the dates in that NSEC3PARAM RRSIG did not cha

Re: DNSSEC and upgrading/restoring

2014-01-31 Thread David Newman
On 1/31/14 10:35 AM, Tony Finch wrote:
> David Newman wrote:
>>
>> What action, if any, is needed?
>
> Does rndc sign make it wake up?

Alas, no. There are a bunch of successful IXFR messages to slave servers but the dates in that NSEC3PARAM RRSIG did not change.

> Is there anything in the log

Re: DNSSEC and upgrading/restoring

2014-01-31 Thread Tony Finch
David Newman wrote:
>
> What action, if any, is needed?

Does rndc sign make it wake up?

Is there anything in the logs reporting problems, e.g. inability to read the key files?

Tony.
--
f.anthony.n.finch http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at f

Re: DNSSEC and upgrading/restoring

2014-01-31 Thread David Newman
On 1/31/14 3:10 AM, Tony Finch wrote:
>> 2. For five domains, the log contains signature-has-expired warnings.
>>
>> In all five cases, these are for NSEC3PARAM records.
>>
>> Is any action needed on my part, for example manually doing NSEC3
>> signing of these zones?
>
> See if named has already

Re: DNSSEC and upgrading/restoring

2014-01-31 Thread Tony Finch
David Newman wrote:
>
> 2. For five domains, the log contains signature-has-expired warnings.
>
> In all five cases, these are for NSEC3PARAM records.
>
> Is any action needed on my part, for example manually doing NSEC3
> signing of these zones?

See if named has already re-signed them - check th

Re: DNSSEC and upgrading/restoring

2014-01-30 Thread David Newman
On 1/28/14 3:49 AM, Alan Clegg wrote:
>
> On Jan 27, 2014, at 7:32 PM, David Newman
> wrote:
>
>> Asking again, in a different and more generic form: When
>> rebuilding a bind 9.9.4 server running DNSSEC with auto maintain,
>> are there any steps I

Re: DNSSEC and upgrading/restoring

2014-01-28 Thread Thomas Schulz
> Asking again, in a different and more generic form: When rebuilding a
> bind 9.9.4 server running DNSSEC with auto maintain, are there any steps
> I need to take beyond just backing up /var/named/etc/namedb (this is on
> FreeBSD) and restoring?
>
> This server is authoritative and primary, and h

Re: DNSSEC and upgrading/restoring

2014-01-28 Thread Alan Clegg
On Jan 27, 2014, at 7:32 PM, David Newman wrote:
> Asking again, in a different and more generic form: When rebuilding a
> bind 9.9.4 server running DNSSEC with auto maintain, are there any steps
> I need to take beyond just backing up /var/named/etc/namedb (this is on
> FreeBSD) and restoring?

Re: DNSSEC and upgrading/restoring

2014-01-27 Thread David Newman
Asking again, in a different and more generic form: When rebuilding a bind 9.9.4 server running DNSSEC with auto maintain, are there any steps I need to take beyond just backing up /var/named/etc/namedb (this is on FreeBSD) and restoring? This server is authoritative and primary, and has slaves fo

DNSSEC and upgrading/restoring

2014-01-23 Thread David Newman
Are there any recommended practices/config changes needed when upgrading or restoring a bind 9.9.4 server using DNSSEC inline signing and auto maintain? Asking specifically about upgrading a server running on NanoBSD, but this question is really about upgrading or restoring any DNSSEC server with