Hi Nick,
On Sat, 9 Jan 2016 14:48:12 -0600
Nicholas Williams wrote:
> But the documentation says the opposite. It says NOT to create
> NSEC(3) records (in fact, zone2sql intentionally ignores them, even
> for presigned zones), because (again, it says) PowerDNS
So, I think I’ve almost got this, but I’m having a problem with the pre-signed
zone’s NSEC3 RRSIGs. Here’s what I did:
I already have a live-signed zone (my-zone.com) that works perfectly. A-records
come with automatic RRSIGs, SOA record comes with an RRSIG, NS records come
with an RRSIG, etc.
Hi all,
We're running a PowerDNS 3.4.6 installation with the MySQL backend, and we’re
using pdnsutil secure-zone/set-nsec3/rectify-zone to automatically secure all
of our domains (the least-effort method, instead of manually signing
everything). It works great. Thanks for the excellent
ak the reply signature.
>
> ---
> Aki Tuomi
> Alkuperäinen viesti
> Lähettäjä: Nick Williams <nicho...@nicholaswilliams.net>
> Päivämäärä: 6.1.2016 19.54 (GMT+02:00)
> Saaja: pdns-users Users <pdns-users@mailman.powerdns.com>
> Aihe: [Pdns-users
nicho...@nicholaswilliams.net>
> > Päivämäärä: 6.1.2016 19.54 (GMT+02:00)
> > Saaja: pdns-users Users <pdns-users@mailman.powerdns.com>
> > Aihe: [Pdns-users] Setting up intentionally invalid DNSSEC record in
> > auto-secure environment
> >
> > Hi all,
> >
(inline)
On Wed, Jan 6, 2016 at 11:42 AM, Nicholas Williams
wrote:
> I'll look into that other script. Thanks, Bert.
>
>> How about a creating a separate sub-zone with a broken presigned DNSSEC
>
>> You can set presigned for just that single zone using the
On 2016-01-06 20:42, Nicholas Williams wrote:
I'll look into that other script. Thanks, Bert.
How about a creating a separate sub-zone with a broken presigned
DNSSEC
You can set presigned for just that single zone using the
PRESIGNED domain metadata[1] int your database.
I really like