Re: auto-dnssec maintain stoped working again...

2011-10-03 Thread Mark Andrews
In message 20111002161255.GG11782@michelle1, Michelle Konzack writes: Hello Hauke Lampe, Am 2011-10-01 02:02:56, hacktest Du folgendes herunter: Do you mean expired signatures or no signatures at all? I have expired signatures... In the latter case, have you checked that the zone's

Re: Basic Setting up request

2011-10-03 Thread Stephane Bortzmeyer
On Sun, Oct 02, 2011 at 07:57:10PM +1100, Leon Moya l...@mymail-box.com wrote a message of 40 lines which said: I'd now like (with help) to add resolution for an internal Apache WebServer, used for developing and testing web pages prior to FTP'ing to the Internet Host. The webserver is

Re: ZSK pre-publish

2011-10-03 Thread Torinthiel
On 2011-10-01 11:40, Matthew Seaman wrote: The trick is to use dnssec-settime modify the dates built into your key by dnssec-keygen. Or equivalently to use dnssec-keygen with appropriate flags to set the 'Activate' date (not to mention Inactive and Delete) some time in the future. So --- this

Re: auto-dnssec maintain stoped working again...

2011-10-03 Thread Michelle Konzack
Hello Mark Andrews, Am 2011-10-03 20:16:33, hacktest Du folgendes herunter: No. It looks completely wrong. Someone/something has re-named the K* files. As the K* files have been renamed named can't find them. No, they are found correctly. Here an extract (non relevant data striped): [

Re: auto-dnssec maintain stoped working again...

2011-10-03 Thread Alan Clegg
On 10/3/2011 6:25 AM, Michelle Konzack wrote: Hello Mark Andrews, Am 2011-10-03 20:16:33, hacktest Du folgendes herunter: No. It looks completely wrong. Someone/something has re-named the K* files. As the K* files have been renamed named can't find them. No, they are found correctly.

Re: DNSSEC not populating parent zone files with DS records

2011-10-03 Thread Tony Finch
Bill Owens ow...@nysernet.org wrote: However, in this case I believe your problem is the lack of NS records in nau.edu for extended.nau.edu. It's difficult to know for sure, but it appears that the only signature for the NS RRSET is using the ZSK for extended.nau.edu, not the ZSK for nau.edu.

Re: ZSK pre-publish

2011-10-03 Thread Matthew Seaman
On 03/10/2011 13:45, Torinthiel wrote: On 2011-10-01 11:40, Matthew Seaman wrote: dnssec-signzone will grok all the built-in dates and do the right thing when you sign the zone. BTW, how does dnssec-signzone behave when you pass -s option? Does it take into account that date when

Re: DNSSEC not populating parent zone files with DS records

2011-10-03 Thread Tony Finch
Michael Sinatra mich...@rancid.berkeley.edu wrote: There are ways of getting the DS records into the zone(s). Here are some steps that I took on some test zones: Alternatively, set update-policy local; on your parent zone and use this little pipeline on the master server. Substitute $parent

Re: auto-dnssec maintain stoped working again...

2011-10-03 Thread Mark Andrews
In message 20111003132508.GL11782@michelle1, Michelle Konzack writes: Hello Mark Andrews, Am 2011-10-03 20:16:33, hacktest Du folgendes herunter: No. It looks completely wrong. Someone/something has re-named the K* fil= es. As the K* files have been renamed named can't find them. No,

Bind DLZ and Postgres 8.4.8

2011-10-03 Thread Job
Hello, by regarding the excellent guide of Jan Pit Mens, i have integrated Bind 9.8.1 DLZ with Mysql 5.x DB; everything is fine and fantastic. I cannot use Postgresql 8.4.8 backend; named correctly starts but, when first nslookup query take place, named crash with this dump:

Re: NXDOMAIN redirection in BIND 9.9

2011-10-03 Thread Matus UHLAR - fantomas
On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote: We came to the conclusion that no matter how much we wanted it to not be true, people find a way to do NXDOMAIN if they want to. The issue is not ours to push, it's between the ISP and the customer ultimately, and people will do it -- and more

dnssec config sanity check

2011-10-03 Thread Paul B. Henson
We are getting ready to deploy dnssec, and I'd appreciate a quick sanity check on our configuration and key timings to make sure I didn't miss anything that would cause things to blow up ;). Our zone data is maintained in a revision control repository; when changes are made there is a process

Re: dnssec config sanity check

2011-10-03 Thread Mark Andrews
In message 4e8a5412.7050...@acm.org, Paul B. Henson writes: We are getting ready to deploy dnssec, and I'd appreciate a quick sanity check on our configuration and key timings to make sure I didn't miss anything that would cause things to blow up ;). Our zone data is maintained in a