Hello Howard Leadmon,
Am 2012-01-11 10:31:11, hacktest Du folgendes herunter:
Then I go to make a change to my DNS file, whoa was I in for a shock, as
:-D
So I guess my million dollar question is, I want to use DNSSEC (it's
actually working now), but I want to be able to edit my zone files
OK, in an attempt to start using DNSSEC over here, I suppose I bit myself
in the backside, and even spending some time using googlefu I still haven't
quite figured this all out.
I am currently running the current BIND 9.8.1, and setup to support DNSSEC.
After reading around a bit, I saw that
You want BIND 9.9 (currently 9.9.0rc1) with inline signing. This will do
exactly what you want, I think.
--Michael
On Jan 11, 2012, at 9:31 AM, Howard Leadmon wrote:
OK, in an attempt to start using DNSSEC over here, I suppose I bit myself
in the backside, and even spending some time
On 11/01/12 15:31, Howard Leadmon wrote:
Then I go to make a change to my DNS file, whoa was I in for a shock, as
apparently BIND took my nice text file for DNS I have edited for ages, and
As you found out, you cannot do that. auto-dnssec maintain requires
that updates to the zone by via
ISC is also, by pure luck, offering a web seminar on inline signing in BIND 9.9
today. While the first one starts in 15 minutes as I write this message, there
are a total of three sessions today.
Head on over to http://www.isc.org/webinar to find out the times and
information on how to join.
Howard Leadmon how...@leadmon.net wrote:
So I guess my million dollar question is, I want to use DNSSEC (it's
actually working now), but I want to be able to edit my zone files the way I
always have for many years, and just have BIND sign the zones with the keys
and update as needed to keep
...@isc.org]
Sent: Wednesday, January 11, 2012 10:48 AM
To: Howard Leadmon
Cc: bind-users@lists.isc.org
Subject: Re: DNSSEC made simple, is this possible?
ISC is also, by pure luck, offering a web seminar on inline signing in
BIND 9.9
today. While the first one starts in 15 minutes as I write
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/11/2012 10:47 AM, Phil Mayers wrote:
On 11/01/12 15:31, Howard Leadmon wrote:
Then I go to make a change to my DNS file, whoa was I in for a
shock, as
apparently BIND took my nice text file for DNS I have edited for ages,
and
As you
I took the ISC 2 day Intro to DNS and BIND class. The instructor made a
good point that building from source frees you from the dependance on the
distro's package maintainer. As part of the class, we had to compile bind
from scratch. It was very straight forward ./configure, make, make
On 11/01/12 17:04, Ryan Novosielski wrote:
Not that this is honestly so hard, however. I have played with it at
home some and the ns-update command means that you can still at least do
this manually fairly easily from the command line. Is my read on that
correct?
Performing a dynamic DNS
On 1/11/2012 8:50 AM, Howard Leadmon wrote:
Now if FreeBSD would just add 9.9 to the ports collection
I generally don't add new versions until they are released, but if there
is sufficient interest I can take a look at adding this as a -devel
version sooner rather than later.
Doug
--
]
Sent: Wednesday, January 11, 2012 12:21 PM
To: Howard Leadmon
Cc: 'Michael Graff'; bind-users@lists.isc.org
Subject: Re: DNSSEC made simple, is this possible?
On 1/11/2012 8:50 AM, Howard Leadmon wrote:
Now if FreeBSD would just add 9.9 to the ports collection
I generally don't add new
On 1/11/2012 9:27 AM, Howard Leadmon wrote:
As always thanks for all the support for things like this on the FreeBSD
side.
My pleasure.
That said, I'd love to see that happen, even as a -devel type port,
since in general when ISC considers something an RC, it's pretty darn stable
by the
Phil Mayers p.may...@imperial.ac.uk wrote:
Something like Tony's nsdiff script (see his post) makes it relatively easy,
but it's still another step.
It's more like a replacement step: run nsdiff | nsupdate instead of rndc reload.
Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Next great thing would be for ISC to support the Soft-HSM that
OpenDNSSEC uses. I believe that this would make the step of moving to a
real hardware HSM a lot easier (if necessary).
softhsm works with BIND 9. It's cumbersome--you need special
configure options and and a patched version of
Next great thing would be for ISC to support the Soft-HSM that
OpenDNSSEC uses. I believe that this would make the step of moving to a
real hardware HSM a lot easier (if necessary).
BIND has supported the PKCS#11 interface (./configure --with-pkcs11)
since 9.6 IIRC, so it ought to be possible
On Wed, 2012-01-11 at 19:26 +0100, Jan-Piet Mens wrote:
Next great thing would be for ISC to support the Soft-HSM that
OpenDNSSEC uses. I believe that this would make the step of moving to a
real hardware HSM a lot easier (if necessary).
BIND has supported the PKCS#11 interface
Now if FreeBSD would just add 9.9 to the ports collection
I generally don't add new versions until they are released,
ISC said today in the inline-signing Webinar, that 9.9 would probably be
released on February 7th. Maybe wait for that?
-JP
18 matches
Mail list logo