Well they are documented in the current ARM.
Named has some built-in empty zones (SOA and NS records only).
These are for zones that should normally be answered locally
and which queries should not be sent to the Internetâs root
servers. The official servers which cover these na
I upgraded on of our servers from 9.6-ESV-R8 to 9.8.5-P2 and I am showing 66
more zones than I had before.
I now have:
< ; Zone dump of '64.100.IN-ADDR.ARPA/IN/internal'
< ;
< ; not implemented
thru
< ; Zone dump of '127.100.IN-ADDR.ARPA/IN/internal'
< ;
< ; not implemented
when I do an rnd
On Sep 11, 2013, at 8:11 AM, Brian Cuttler wrote:
> We have remapped some of our DNS clients to point to another
> DNS resolver, one that we do not control, but that has "forwarder"
> records in place to point our domain's address resolution requests
> back to an authoritative server in our domain
Chris,
Thanks, that makes sense, and I'm not all that surprised to hear it.
I haven't heard anything from the amanda list on whether or not
the zmanda client checks to see if the reply is authoritative or
not. And experimentally we failed, then it worked, then failed
and worked again.
So whatev
On Fri, Sep 13, 2013 at 12:38:07PM -0300, Diego Mart??nez wrote:
> if I use bind with zone options:
> auto-dnssec: maintain
> inline-signing: yes
>
> the KSK (public and private parts) must be on-line, right?
> Even if not required to sign the DNSKEY records?
The short answer is yes.
On Sep 13, 2013, at 9:03 AM, Evan Hunt wrote:
> My real recommendation is, if you need an offline KSK, don't use inline
> signing. (You can still use
> auto-dnssec.)
Or use an HSM (hard or soft)...
AlanC
--
Alan Clegg | +1-919-355-8851 | a...@clegg.com
signature.asc
Description: Message s
Hi,
if I use bind with zone options:
auto-dnssec: maintain
inline-signing: yes
the KSK (public and private parts) must be on-line, right?
Even if not required to sign the DNSKEY records?
Thanks,
best regards.
___
Please visit https:/
7 matches
Mail list logo