On Fri, Sep 30, 2011 at 6:16 PM, Hauke Lampe la...@hauke-lampe.de wrote:
Aside from the missing DS, I don't see why BIND complains about the
NXDOMAIN response at first and then returns that cached record set in
response to later queries for the same name. dig +sigchase validates it,
if
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256
On Fri, Sep 30, 2011 at 10:26:34PM +, Raymond Drew Walker wrote:
In our initial implementation of DNSSEC, we chose to try out the auto
functionalities in version 9.8.0 P4 ie. using auto-dnssec maintain in
all master zones.
When going live, we found that though all zones that we are
On 10/01/2011 04:40 AM, Matthew Seaman wrote:
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key
On 10/01/11 04:54, Bill Owens wrote:
On Fri, Sep 30, 2011 at 10:26:34PM +, Raymond Drew Walker wrote:
In our initial implementation of DNSSEC, we chose to try out the
auto functionalities in version 9.8.0 P4 ie. using auto-dnssec
maintain in all master zones.
When going live, we found that
7 matches
Mail list logo