Re: Slaves or Forwarders?

2016-08-23 Thread Mark Andrews
In message <844475874024407090c1c2e9d5718...@mxph4chrw.fgremc.it>, "Darcy Kevin (FCA)" writes:
> From an InfoSec standpoint, of course one would prefer to use cryptographic methods of securing DNS data, but, in the absence of that, slaving could, arguably, be considered more secure than

RE: Slaves or Forwarders?

2016-08-23 Thread Darcy Kevin (FCA)
From an InfoSec standpoint, of course one would prefer to use cryptographic methods of securing DNS data, but, in the absence of that, slaving could, arguably, be considered more secure than forwarding, in the sense that forwarding usually generates more network transactions, over time, for

RE: forward first and fallback not working

2016-08-23 Thread Darcy Kevin (FCA)
Look in your logs at the time of named startup to see if your root-server priming failed at that time. - kevin

Re: keys and inline signing

2016-08-23 Thread Tony Finch
Andreas Meyer wrote:
> Do I need to create keys first when I create a new zone and use inline signing or is key creation done by named?
named does not create keys for you, but have a look at dnssec-keymgr in BIND 9.11
Tony.
-- f.anthony.n.finch

keys and inline signing

2016-08-23 Thread Andreas Meyer
Hello! Do I need to create keys first when I create a new zone and use inline signing or is key creation done by named? Regards Andreas

Re: Slaves or Forwarders?

2016-08-23 Thread Tony Finch
Baird, Josh wrote:
> In the past, when I have had a requirement to bring a slave zone into our environment; I created a slave zone on my master(s) (defining the external nameserver as a master) and then created slave zones on my slaves using *my* master as a master

Slaves or Forwarders?

2016-08-23 Thread Baird, Josh
Hi, In the past, when I have had a requirement to bring a slave zone into our environment; I created a slave zone on my master(s) (defining the external nameserver as a master) and then created slave zones on my slaves using *my* master as a master (not the master outside of my environment).

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-23 Thread Andreas Meyer
Tony Finch wrote on 23.08.16 at 10:45:15:
> Aleks Ostapenko wrote:
> > As for second variant - unfortunately I don't know how to edit manually TTL in the signed (not raw) master file.
>
> (1) Use `rndc freeze` which makes `named`

forward first and fallback not working

2016-08-23 Thread marco
Hi, bind 9.10.3_p4 with this global option: forward first; forwarders { 8.8.8.8; }; If I dig from localhost or any client and 8.8.8.8 answers all is ok but if 8.8.8.8 is unreachable or it doesn't respond, bind doesn't fall back on itself asking to root server etc. This is not expected.

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-23 Thread Tony Finch
Aleks Ostapenko wrote:
> As for second variant - unfortunately I don't know how to edit manually TTL in the signed (not raw) master file.
(1) Use `rndc freeze` which makes `named` rewrite the zone file with all pending changes from the journal, and makes it

Re: DNSKEY and RRSIG DNSKEY TTL values aren't changed after changing of zone's TTL

2016-08-23 Thread Aleks Ostapenko
Thanks. But in case with `nsupdate` - yes, this is unsigning/signing case, which I would like to avoid. As for second variant - unfortunately I don't know how to edit manually TTL in the signed (not raw) master file. Kind regards, Aleks Ostapenko