Don't think TSIG Key roll-over is possible - in the DNSSEC sense. Don't
think it is as necessary either. I have separate TSIG relationships
between my Primary and Secondary peers. I use the same TSIG for all
zones that are on both peers - the TSIG is to secure the path between
the two peers. I
Robert Spangler schrieb:
On Tuesday 15 September 2009 08:16, Frank Stanek wrote:
Please forgive my naivety if this is totally wrong but
I don't have a chrooted bind environment to verify this atm.
I run a chroot environment
But doesn't the init script in some distributions copy the
Hi,
i'm using BIND9 on an Ubuntu-8.10-server.
I'd like to configure the following:
For a given name (eg. vega.lab.ts), I'd like to forward the request to
two external DNS servers, *simultaneously*, and respond with the first
response that i get.
Is this possible?
I didn't see how to do it
On Wed, Sep 16, 2009 at 05:20:21PM +0200, RUOFF LARS wrote:
Hi,
i'm using BIND9 on an Ubuntu-8.10-server.
I'd like to configure the following:
For a given name (eg. vega.lab.ts), I'd like to forward the request to
two external DNS servers, *simultaneously*, and respond with the first
In article mailman.508.1253094340.14796.bind-us...@lists.isc.org,
Marcos Lorenzo de Santiago marcos.lore...@ayto-getafe.org wrote:
El mar, 15-09-2009 a las 13:45 +0200, Udo Zumdick escribió:
Am Tue, 15 Sep 2009 12:28:24 +0200
schrieb Marcos Lorenzo de Santiago
I currently explore the new DNSKEY metadata and dnssec-signzone -S with
BIND 9.7.0a3. This feature definitely helps making key management easier
and will motivate more operators to sign their zones. Thank you for that.
For this test, I created a zone with one manually timed KSK, one active
ZSK
Mark Elkins wrote:
Don't think TSIG Key roll-over is possible - in the DNSSEC sense. Don't
think it is as necessary either. I have separate TSIG relationships
between my Primary and Secondary peers. I use the same TSIG for all
zones that are on both peers - the TSIG is to secure the path
Re-signing the signed zone file, however, also includes signatures from
the passive ZSK, *unless* I remove the DNSKEY records from the zone file
before signing. I guess this is due to the keys already in the signed
zone file overriding the -S switch:
Yes, that's a bug. Thank you very much,
On Wednesday 16 September 2009 02:52, Marcos Lorenzo de Santiago wrote:
El mar, 15-09-2009 a las 17:27 -0400, Robert Spangler escribió:
On Tuesday 15 September 2009 08:16, Frank Stanek wrote:
Please forgive my naivety if this is totally wrong but
I don't have a chrooted bind
RUOFF LARS wrote:
Hi,
i'm using BIND9 on an Ubuntu-8.10-server.
I'd like to configure the following:
For a given name (eg. vega.lab.ts), I'd like to forward the request to
two external DNS servers, *simultaneously*, and respond with the first
response that i get.
Is this possible?
Short
10 matches
Mail list logo