In message <844475874024407090c1c2e9d5718...@mxph4chrw.fgremc.it>, "Darcy Kevin
(FCA)" writes:
> From an InfoSec standpoint, of course one would prefer to use
> cryptographic methods of securing DNS data, but, in the absence of that,
> slaving could, arguably, be considered more secure than
>From an InfoSec standpoint, of course one would prefer to use cryptographic
>methods of securing DNS data, but, in the absence of that, slaving could,
>arguably, be considered more secure than forwarding, in the sense that
>forwarding usually generates more network transactions, over time, for
Look in your logs at the time of named startup to see if your root-server
priming failed at that time.
- kevin
-Original Message-
From: bind-users
Andreas Meyer wrote:
>
> Do I need to create keys first when I create a new zone and
> use inline signing or is keycreation done by named?
named does not create keys for you, but have a look at dnssec-keymgr in
BIND 9.11
Tony.
--
f.anthony.n.finch
Hello!
Do I need to create keys first when I create a new zone and
use inline signing or is keycreation done by named?
Regards
Andreas
pgpTqth4sBZkE.pgp
Description: Digitale Signatur von OpenPGP
___
Please visit
Baird, Josh wrote:
>
> In the past, when I have had a requirement to bring a slave zone into
> our environment; I created a slave zone on my master(s) (defining the
> external nameserver as a master) and then created slave zones on my
> slaves using *my* master as a master
Hi,
In the past, when I have had a requirement to bring a slave zone into our
environment; I created a slave zone on my master(s) (defining the external
nameserver as a master) and then created slave zones on my slaves using *my*
master as a master (not the master outside of my environment).
Tony Finch schrieb am 23.08.16 um 10:45:15 Uhr:
> Aleks Ostapenko wrote:
>
> > As for second variant - unfortunately I don't know how to edit manually TTL
> > in the signed (not raw) master file.
>
> (1) Use `rndc freeze` which makes `named`
Hi,
bind 9.10.3_p4 with this global option:
forward first;
forwarders {
8.8.8.8;
};
If i dig from localhost or any client and 8.8.8.8 answers all is ok but
if 8.8.8.8 is unreachable or it doesn't respond, bind doesn't fallback
on himslef asking to root server etc .
This is not expected.
Aleks Ostapenko wrote:
> As for second variant - unfortunately I don't know how to edit manually TTL
> in the signed (not raw) master file.
(1) Use `rndc freeze` which makes `named` rewrite the zone file with all
pending changes from the journal, and makes it
Thanks.
But in case with `nsupdate` - yes, this is unsigning/signing case, which I
would like to avoid.
As for second variant - unfortunately I don't know how to edit manually TTL
in the signed (not raw) master file.
Kind regards,
Aleks Ostapenko
___
11 matches
Mail list logo