Re: dns-sec and Maintaining Human Sanity

On 2010-08-06, at 6:36 PM, Tony Finch wrote: > > OpenDNSSEC predates BIND's auto-signing functionality, so it has become > partly obsolete - but not completely. OpenDNSSEC is far from obsolete, it's in active development [1] and is being used for some important zones [2]. dave [1] http://ww

Re: dns-sec and Maintaining Human Sanity

On Fri, 6 Aug 2010, Martin McCormick wrote: > I have started looking at various ways for our > organization to begin using dns-sec as this appears to be a high > management priority and it will eventually become necessary to > operate. We have a fairly simple structure with a official master

Re: dns-sec and Maintaining Human Sanity

On 06/08/10 12:24, Martin McCormick wrote: The one thing that impresses me about dns-sec is that it appears to be one of those things that will probably work fine after installation but getting there may be an adventure to put it mildly. My advice is to investigate upgrading to Bind 9.

Re: dns-sec and Maintaining Human Sanity

Niobos writes: > Definitely consider the 9.7 series! You can enable auto-dnssec which > will maintain your signatures for you out-of-the-box. It also supports > key rollover, but IIRC doesn't generate new keys at this moment. That's not much of a problem. Thanks for reminding me of 9.7. Martin Mc

Re: dns-sec and Maintaining Human Sanity

That is, if one can get the latest version to compile under FreeBSD8.0. So far, the configure process is one dependency after another and I have yet to see it actually finish so that is shades of years gone by when installing software was an art on good days. Use the port, see

Re: dns-sec and Maintaining Human Sanity

Hi, On 2010-08-06 13:24, Martin McCormick wrote: > We are upgrading all DNS and DHCP servers to FreeBSD8.0 > and my plan was to use bind9.6x. If there is a better version for > dns-sec, best to plan to use it now in order to sleigh as much > of this dragon which is breathing fire on the edge

RE: dns-sec and Maintaining Human Sanity

al Message- From: bind-users-bounces+brian.atkins2=va@lists.isc.org [mailto:bind-users-bounces+brian.atkins2=va@lists.isc.org] On Behalf Of Martin McCormick Sent: Friday, August 06, 2010 7:24 AM To: bind-us...@isc.org Subject: dns-sec and Maintaining Human Sanity I have started

dns-sec and Maintaining Human Sanity

I have started looking at various ways for our organization to begin using dns-sec as this appears to be a high management priority and it will eventually become necessary to operate. We have a fairly simple structure with a official master and slave with dynamic DHCP continuously updating