Problem with DNSSEC signing zone

2012-07-20 Thread William Thierry SAMEN
Hi all Bind users, I just have a problem with my zone signing output. I made all the steps to obtain a good result. 1. Generated KSK and ZSK 2. Add both of keys at the end of my zone file 3. signing my zone with dnssec-signzone command 4. enable dnssec in named options 5. change

Re: Problem with DNSSEC signing zone

2012-07-20 Thread Carsten Strotmann
Hello Thierry SAMEN, On Fri, 20 Jul 2012, William Thierry SAMEN wrote: Hi all Bind users, I just have a problem with my zone signing output. I made all the steps to obtain a good result. 1. Generated KSK and ZSK 2. Add both of keys at the end of my zone file 3. signing my zone with

RE: Problem with DNSSEC signing zone

2012-07-20 Thread Spain, Dr. Jeffry A.
1. Generated KSK and ZSK 2. Add both of keys at the end of my zone file 3. signing my zone with dnssec-signzone command 4. enable dnssec in named options 5. change the name of my zone in the named by namezone.signed 6. I got the root DNSKEY RR set before with dig command

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-05-15 09:01 AM, Phil Mayers wrote: Sorry about the way delayed response. There seems to be some confusion about which list/group gmane is following. Isn't it more likely it's a local problem? Indeed. But what, is the question (and I do have the answer, now -- see below). Which

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 08:34 AM, Brian J. Murrell wrote: The problem here seems to be fragmented UDP. I seem to have misdiagnosed this due to tcpdump peculiarities. I only initially saw/suspected the problem since my capture for port 53 packets was including (only the first) ipv4 fragments. When adding

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Phil Mayers
On 20/07/12 14:03, Brian J. Murrell wrote: # dig +dnssec @localhost 119.in-addr.arpa SOA ; DiG 9.9.1-P1 +dnssec @localhost 119.in-addr.arpa SOA ; (1 server found) ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 49713 ;; flags: qr rd ra; QUERY: 1,

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message 50095065.3050...@interlinx.bc.ca, Brian J. Murrell writes: On 12-05-15 09:01 AM, Phil Mayers wrote: Sorry about the way delayed response. There seems to be some confusion about which list/group gmane is following. Isn't it more likely it's a local problem?

Re: Problem with DNSSEC signing zone

2012-07-20 Thread Casey Deccio
On Fri, Jul 20, 2012 at 2:52 AM, William Thierry SAMEN thierry.sa...@gmail.com wrote: I just have a problem with my zone signing output. I made all the steps to obtain a good result. ... my zone name is *willzik.co.uk* I'm getting an NXDOMAIN response from the co.uk servers, rather than

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Casey Deccio
On Fri, Jul 20, 2012 at 6:03 AM, Brian J. Murrell br...@interlinx.bc.ca wrote: On 12-07-20 08:34 AM, Brian J. Murrell wrote: The problem here seems to be fragmented UDP. I seem to have misdiagnosed this due to tcpdump peculiarities. I only initially saw/suspected the problem since my

RE: Problem with DNSSEC signing zone

2012-07-20 Thread Spain, Dr. Jeffry A.
all this step has been well done, but the last step: Generate DS records and provide them to your registrar. has not been fluent for me. I found how can I provide key to the registrar. I used this command: dnssec-dsfromkey -2 Kwillzik.co.uk KSK.key Is it the good way to do? That command

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 09:11 AM, Phil Mayers wrote: Or, what happens if you start bind up in debug mode and run the query? There will be a lot of output, but I've found most problems to be fairly obvious if you read through it. Yeah, there is a lot of output. Too big of a haystack for me to find the

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message jubkum$qve$1...@dough.gmane.org, Brian J. Murrell writes: On 12-07-20 08:34 AM, Brian J. Murrell wrote: The problem here seems to be fragmented UDP. I seem to have misdiagnosed this due to tcpdump peculiarities. I only initially saw/suspected the problem since my capture

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Brian J. Murrell
On 12-07-20 10:42 AM, Mark Andrews wrote: The NS RRset is the delegation records and as such has no RRSIGs. If you turn on minimal-responses the NS rrset won't be added and AD won't be cleared. AD is only set to 1 if all the records in the answer and authority sections are marked as

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Phil Mayers
On 20/07/12 15:33, Brian J. Murrell wrote: On 12-07-20 09:11 AM, Phil Mayers wrote: Or, what happens if you start bind up in debug mode and run the query? There will be a lot of output, but I've found most problems to be fairly obvious if you read through it. Yeah, there is a lot of output.

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message 50096c2b.1080...@interlinx.bc.ca, Brian J. Murrell writes: Just for good measure, since I think I have posted this before, but here are the options I have set in my bind configuration with regard to dnssec: dnssec-enable yes; dnssec-validation yes;

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Phil Mayers
On 20/07/12 16:21, Mark Andrews wrote: In message 50096c2b.1080...@interlinx.bc.ca, Brian J. Murrell writes: Just for good measure, since I think I have posted this before, but here are the options I have set in my bind configuration with regard to dnssec: dnssec-enable yes;

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message 500978a5.4070...@imperial.ac.uk, Phil Mayers writes: On 20/07/12 16:21, Mark Andrews wrote: In message 50096c2b.1080...@interlinx.bc.ca, Brian J. Murrell writes: Just for good measure, since I think I have posted this before, but here are the options I have set in my bind

Error: already exists previous definition

2012-07-20 Thread Active Venture - Tom
Hi We have getting a lot of errors like the following from our BIND 9 servers (9.5.1.1): 20-Jul-2012 15:26:40.181 config: error: /var/named/etc/namedb/conf/zone_0.conf:1529: zone 'x.net': already exists previous definition: /var/named/etc/namedb/conf/zone_0.conf:1529 20-Jul-2012

Re: Error: already exists previous definition

2012-07-20 Thread Tony Finch
On 20 Jul 2012, at 21:40, Active Venture - Tom t...@active-venture.com wrote: 20-Jul-2012 15:26:40.181 config: error: /var/named/etc/namedb/conf/zone_0.conf:1529: zone 'x.net': already exists previous definition: /var/named/etc/namedb/conf/zone_0.conf:1529 20-Jul-2012 15:26:46.270

Re: named validating @0x...: ... SOA: no valid signature found

2012-07-20 Thread Mark Andrews
In message 500985c0.3000...@interlinx.bc.ca, Brian J. Murrell writes: On 12-07-20 11:40 AM, Mark Andrews wrote: In message 500978a5.4070...@imperial.ac.uk, Phil Mayers writes: On 20/07/12 16:21, Mark Andrews wrote: In message 50096c2b.1080...@interlinx.bc.ca, Brian J. Murrell wri

Re: Error: already exists previous definition

2012-07-20 Thread Mark Andrews
In message 20120720204053.43b5615e...@da1.active-domain.com, Active Venture - Tom writes: Hi We have getting a lot of errors like the following from our BIND 9 servers (9.5.1.1): 9.5.1 has known security flaws and was end of lifed several years ago. 20-Jul-2012 15:26:40.181 config:

Re: Problem with DNSSEC signing zone

2012-07-20 Thread Doug Barton
On 07/20/2012 07:05, Casey Deccio wrote: On Fri, Jul 20, 2012 at 2:52 AM, William Thierry SAMEN thierry.sa...@gmail.com wrote: I just have a problem with my zone signing output. I made all the steps to obtain a good result. ... my zone name is