I agree with this idea. Sorta like when a browser is presented with an
invalid SSL cert by a website. It could be that you put in example.com
when the cert is for www.example.com or in the case of a self-signed
cert, as long as I am not giving them sensitive data, I, the user, can
accept or deny th
On 08/18/2010 06:55 PM, Dave Sparro wrote:
On 8/18/2010 1:12 PM, Casey Deccio wrote:
On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparro wrote:
On 8/18/2010 8:30 AM, Phil Mayers wrote:
...since the "ncbi" zone is an unsigned child zone, there needs to be an
NSEC/NSEC3 record to prove the absence o
On Wed, Aug 18, 2010 at 10:55 AM, Dave Sparro wrote:
> It seems to me that the OP wanted a work-around to the fact that his end
> users couldn't use the website due to a validation failure.
> It still seems to me that working around that situation misses the point of
> using DNSSEC.
>
I read your
On 8/18/2010 1:12 PM, Casey Deccio wrote:
On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparro wrote:
On 8/18/2010 8:30 AM, Phil Mayers wrote:
...since the "ncbi" zone is an unsigned child zone, there needs to be an
NSEC/NSEC3 record to prove the absence of the DS record, and have a
secure delegation
On Wed, Aug 18, 2010 at 9:48 AM, Dave Sparro wrote:
> On 8/18/2010 8:30 AM, Phil Mayers wrote:
>>
>> ...since the "ncbi" zone is an unsigned child zone, there needs to be an
>> NSEC/NSEC3 record to prove the absence of the DS record, and have a
>> secure delegation to an unsigned child zone.
>
>
>
On 8/18/2010 8:30 AM, Phil Mayers wrote:
On 18/08/10 13:15, Lightner, Jeff wrote:
It comes right up in Firefox but prompts for a username and password.
Do you have DNSSEC validation enabled? Because as per my email, it's a
DNSSEC problem.
After a bit of investigation, it seems that the proble
On Wed, Aug 18, 2010 at 5:30 AM, Phil Mayers wrote:
>
> After a bit of investigation, it seems that the problem is a missing
> NSEC/NSEC3 record in the empty reply for:
>
> $ dig +dnssec @165.112.4.230 ncbi.nlm.nih.gov ds
>
> ...since the "ncbi" zone is an unsigned child zone, there needs to be an
: Wed Aug 18 08:40:29 2010
;; MSG SIZE rcvd: 76
-Original Message-
From: Phil Mayers [mailto:p.may...@imperial.ac.uk]
Sent: Wednesday, August 18, 2010 8:31 AM
To: Lightner, Jeff
Cc: bind-users@lists.isc.org
Subject: Re: www.ncbi.nlm.nih.gov / pubmed
On 18/08/10 13:30, Phil Mayers wrote:
>
On 18.08.2010 14:31, Phil Mayers wrote:
> After a bit of investigation, it seems that the problem is a missing
> NSEC/NSEC3 record in the empty reply for:
>
> $ dig +dnssec @165.112.4.230 ncbi.nlm.nih.gov ds
>
> ...since the "ncbi" zone is an unsigned child zone, there needs to be an
> NSEC/NSEC3
On 18/08/10 13:15, Lightner, Jeff wrote:
It comes right up in Firefox but prompts for a username and password.
Do you have DNSSEC validation enabled? Because as per my email, it's a
DNSSEC problem.
After a bit of investigation, it seems that the problem is a missing
NSEC/NSEC3 record in the
On 18/08/10 13:30, Phil Mayers wrote:
On 18/08/10 13:15, Lightner, Jeff wrote:
It comes right up in Firefox but prompts for a username and password.
Do you have DNSSEC validation enabled? Because as per my email, it's a
DNSSEC problem.
Damn - in fact sorry, scratch that. I realise my origina
HEN: Wed Aug 18 08:14:44 2010
;; MSG SIZE rcvd: 139
-Original Message-
From: bind-users-bounces+jlightner=water@lists.isc.org
[mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf
Of Phil Mayers
Sent: Wednesday, August 18, 2010 6:49 AM
To: bind-users@lists.isc.org
Su
All,
It seems this zone is broken as of a couple of days ago. Is anyone else
seeing it? Is there an appropriate bind workaround?
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
13 matches
Mail list logo
