On 08/18/2010 06:55 PM, Dave Sparro wrote:
On 8/18/2010 1:12 PM, Casey Deccio wrote:
On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparrodspa...@gmail.com wrote:
On 8/18/2010 8:30 AM, Phil Mayers wrote:
...since the ncbi zone is an unsigned child zone, there needs to be an
NSEC/NSEC3 record to
I agree with this idea. Sorta like when a browser is presented with an
invalid SSL cert by a website. It could be that you put in example.com
when the cert is for www.example.com or in the case of a self-signed
cert, as long as I am not giving them sensitive data, I, the user, can
accept or deny
It comes right up in Firefox but prompts for a username and password.
Dig shows:
dig www.ncbi.nlm.nih.gov
; DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 www.ncbi.nlm.nih.gov
;; global options: printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 22983
;; flags: qr rd ra; QUERY:
On 18/08/10 13:30, Phil Mayers wrote:
On 18/08/10 13:15, Lightner, Jeff wrote:
It comes right up in Firefox but prompts for a username and password.
Do you have DNSSEC validation enabled? Because as per my email, it's a
DNSSEC problem.
Damn - in fact sorry, scratch that. I realise my
On 18/08/10 13:15, Lightner, Jeff wrote:
It comes right up in Firefox but prompts for a username and password.
Do you have DNSSEC validation enabled? Because as per my email, it's a
DNSSEC problem.
After a bit of investigation, it seems that the problem is a missing
NSEC/NSEC3 record in
On Wed, Aug 18, 2010 at 5:30 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
After a bit of investigation, it seems that the problem is a missing
NSEC/NSEC3 record in the empty reply for:
$ dig +dnssec @165.112.4.230 ncbi.nlm.nih.gov ds
...since the ncbi zone is an unsigned child zone, there
On 8/18/2010 8:30 AM, Phil Mayers wrote:
On 18/08/10 13:15, Lightner, Jeff wrote:
It comes right up in Firefox but prompts for a username and password.
Do you have DNSSEC validation enabled? Because as per my email, it's a
DNSSEC problem.
After a bit of investigation, it seems that the
On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparro dspa...@gmail.com wrote:
On 8/18/2010 8:30 AM, Phil Mayers wrote:
...since the ncbi zone is an unsigned child zone, there needs to be an
NSEC/NSEC3 record to prove the absence of the DS record, and have a
secure delegation to an unsigned child
On 8/18/2010 1:12 PM, Casey Deccio wrote:
On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparrodspa...@gmail.com wrote:
On 8/18/2010 8:30 AM, Phil Mayers wrote:
...since the ncbi zone is an unsigned child zone, there needs to be an
NSEC/NSEC3 record to prove the absence of the DS record, and have a
On Wed, Aug 18, 2010 at 10:55 AM, Dave Sparro dspa...@gmail.com wrote:
It seems to me that the OP wanted a work-around to the fact that his end
users couldn't use the website due to a validation failure.
It still seems to me that working around that situation misses the point of
using DNSSEC.
10 matches
Mail list logo
