Hi Stephane
On Mon, Feb 16, 2015 at 05:34:53PM +0100, Stephane Bortzmeyer wrote:
DNSviz, like Unbound, says the domain is broken:
http://dnsviz.net/d/cepn.asso.fr/VOGwhA/dnssec/
DNSviz complains about missing RRs, but shows status:SECURE in
epn.asso.fr. with green outlines for DNSKEY, SOA,
[The domain has recently changed its configuration so do not test it.]
With Unbound, I get a SERVFAIL:
% dig DNSKEY cepn.asso.fr
; <<>> DiG 9.9.5-8-Debian <<>> DNSKEY cepn.asso.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62442
;; flags: qr rd ra; QUERY: 1,
This is a question about the operating system, not BIND.
There are a number of ways. You can enable rollbacks in RPM, you can keep
snapshots... you're not going to run into incompatible upgrades in BIND during a
simple patching.
--
*Note: UMDNJ is now Rutgers-Biomedical and Health
Good point.
Fedora isn't really a good choice for Production systems - it is bleeding edge
with short life cycle (usually new version is out 6 months later and they only
support the most recent 2.)
Fedora is used as a test bed for what ends up in RHEL later. RHEL has much
longer life cycle
On Mon, Feb 16, 2015 at 10:39:52PM +0530, Mukund Sivaraman wrote:
DNSviz also has explanation for why the green shapes are secure.
(1) There is one item that bothers me:
fr. to cepn.asso.fr.: The DS RRset for the zone included algorithm 5
(RSASHA1), but no key with algorithm 5 was found signing
In message 20150216163453.ga...@nic.fr, Stephane Bortzmeyer writes:
[The domain has recently changed its configuration so do not test it.]
With Unbound, I get a SERVFAIL:
% dig DNSKEY cepn.asso.fr
; <<>> DiG 9.9.5-8-Debian <<>> DNSKEY cepn.asso.fr
;; global options: +cmd
;; Got answer:
;;
On Mon, Feb 16, 2015 at 11:26:00PM +0530, Mukund Sivaraman wrote:
On Mon, Feb 16, 2015 at 11:19:51PM +0530, Mukund Sivaraman wrote:
But while RFC 4509 sec. 6 talks about this issue in the case of DS with
SHA-2 algorithms, there is no requirement there.
There is this nugget here:
On Mon, Feb 16, 2015 at 05:34:53PM +0100, Stephane Bortzmeyer wrote:
;; ANSWER SECTION:
cepn.asso.fr. 171998 IN DS 36778 5 2 (
D21FC827CF4621DF88D06A8F6EA5F4B4DE72A362AB2E
03D440C315A9D8FE1407 )
cepn.asso.fr. 171998
In message 20150216212821.ga27...@nic.fr, Stephane Bortzmeyer writes:
On Tue, Feb 17, 2015 at 07:34:37AM +1100,
Mark Andrews ma...@isc.org wrote
a message of 171 lines which said:
The validator is *not* supposed to *check* if the zone has been
signed with all the algorithms in the DS
On Tue, Feb 17, 2015 at 07:34:37AM +1100,
Mark Andrews ma...@isc.org wrote
a message of 171 lines which said:
The validator is *not* supposed to *check* if the zone has been
signed with all the algorithms in the DS RRset. It is supposed to
keep trying all RRSIG/DS/DNSKEY combinations
Does anybody know if there are any developments in this standard and its
implementation? Particular reference to email.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
On Mon, Feb 16, 2015 at 11:34 AM, Stephane Bortzmeyer bortzme...@nic.fr
wrote:
With Unbound, I get a SERVFAIL:
...
But BIND accepts it (and so does Google Public DNS):
...
DNSviz, like Unbound, says the domain is broken:
http://dnsviz.net/d/cepn.asso.fr/VOGwhA/dnssec/
Broken is a
Hi Team,
My DNS current version is BIND 9.8.4-P1 and OS is Fedora Core release
6 (Zod).
So could you let me know.
_yum update named_ works for upgrade to current version? If yes, then
what will be the fallback procedure if the upgrade fails?
--
BR//
Sundram Bharti
+919717977886
The package is “bind” not “named”. The daemon is called “named”. You can
type “rpm -qf $(which named)” to determine which package installed that daemon.
(Likely it was bind.)
Also if you’re running the chroot’ed version you’d want the package
“bind-chroot”.
I’d suggest you run “rpm -qa