numerous nsec3 bad cache hits

(fema.net/DNSKEY) I'm guessing this is some kind of brute force attack on BIND trying to take advantage of a broken dnssec configuration for fema.net? The problem is that the syslog is filled with these messages. Antonio Querubin e-mail: t...@lavanauts.org xmpp: antonioqueru...@gmail.com

Re: A record of domain name must be name server ?

to be ignored (except for RRSIG, etc) once the CNAME exists. Ie. the MX and NS RRs exist only for example.com, but not www.example.com. Antonio Querubin e-mail: t...@lavanauts.org xmpp: antonioqueru...@gmail.com ___ Please visit https

Re: Serial numbers for inline signing

sanity checkers. Antonio Querubin e-mail: t...@lavanauts.org xmpp: antonioqueru...@gmail.com On Dec 18, 2013, at 10:17 AM, Thomas Schulz sch...@adi.com wrote: I have a question about the serial number as modified by inline signing. I have a static zone, adi.com, that I am setting up for dnssec

Re: dig and IPV6 server

On Mon, 26 Aug 2013, hugo hugoo wrote: C:\digdig @fe80::a6b1:e9ff:fe68:c8 www.google.be dig: couldn't get address for 'fe80::a6b1:e9ff:fe68:c8': address family not supported Try adding the interface to the link-local, eg.: dig @fe80::a6b1:e9ff:fe68:c8%eth0 www.google.be Antonio Querubin e

tools for searching/removing stale keys

Has anyone come up with scripts/tools for removing stale zone-signing keys but leaving key-signing keys which are in the same directory alone? Antonio Querubin e-mail/xmpp: t...@lava.net ___ bind-users mailing list bind-users@lists.isc.org https

need to disable dnssec for pseudo TLD zone

to disable dnssec validation on a per-zone basis for internal pseudo TLDs? Antonio Querubin 808-545-5282 x3003 e-mail/xmpp: t...@lava.net ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users