Re: dnssec-policy - KSK rollover

2022-11-23 Thread Matthijs Mekking
Hi, I think this should work with some caveats. First, if you migrate to dnssec-policy (that is, the zone is already signed), make sure that the key properties match the current DNSKEYs. Second is about your script: > If the child loses a CDS record - my external script will remove the >

dnssec-policy - KSK rollover

2022-11-23 Thread Mark Elkins via bind-users
Hi people, I have read https://kb.isc.org/docs/dnssec-key-and-signing-policy I have put the following policy in my named.conf file:- dnssec-policy "ecdsa256-policy" {     signatures-refresh 5d;     signatures-validity 14d;     signatures-validity-dnskey 14d;     dnskey-ttl 3600;    

Documentation suggestion for Ubuntu PPA http://ppa.launchpad.net/isc/bind/ubuntu

2022-11-23 Thread Niall O'Reilly
Hi. With "APT-Sources: http://ppa.launchpad.net/isc/bind/ubuntu focal/main amd64 Packages", the file /usr/share/doc/bind9/README.Debian recommends: Zones subject to automatic updates (such as via DHCP and/or nsupdate) should be stored in /var/lib/bind, and specified with full pathnames.

Re: Dnstap CLIENT_RESPONSE and query time information

2022-11-23 Thread Borja Marcos
> On 23 Nov 2022, at 10:09, Borja Marcos wrote: > > Hi, > > I am working on some DNS monitoring using Dnstap. I have noticed that RR > messages include > *both* the query time and response time but, despite being recommended on the > Protobuf > specification (I know, it’s just a

Dnstap CLIENT_RESPONSE and query time information

2022-11-23 Thread Borja Marcos
Hi, I am working on some DNS monitoring using Dnstap. I have noticed that RR messages include *both* the query time and response time but, despite being recommended on the Protobuf specification (I know, it’s just a recommendation!) the CR messages do not include it. Is there any particular