Zitat von Barry Margolin bar...@alum.mit.edu:
In article mailman.265.1285967251.555.bind-us...@lists.isc.org,
lst_ho...@kwsoft.de wrote:
Zitat von Alan Clegg acl...@isc.org:
On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote:
Sorry for being unclear. We want the SERVFAIL as it should be for
On 10/02/2010 10:01 AM, lst_ho...@kwsoft.de wrote:
So the problem are not resolvers unaware of DNSSEC but resolvers with
inappropriate defaults or configured wrong by accident. Additionally
this problem is not easy detectable as it can occur far downstream. So
i would say it is a valid concern
Hello
after the root zones are now DNSSEC signed we like to use DNSSEC at
our caching resolvers. I have setup Bind 9.7.0-P1-1 at the border and
basically it is working fine. What i have not managed is to alwawys
force obeying DNSSEC signed zones for resolving eg. if i use dig
+cdflag
On 10/1/2010 4:26 PM, lst_ho...@kwsoft.de wrote:
Hello
after the root zones are now DNSSEC signed we like to use DNSSEC at our
caching resolvers. I have setup Bind 9.7.0-P1-1 at the border and
basically it is working fine. What i have not managed is to alwawys
force obeying DNSSEC signed
Zitat von Alan Clegg acl...@isc.org:
On 10/1/2010 4:26 PM, lst_ho...@kwsoft.de wrote:
Hello
after the root zones are now DNSSEC signed we like to use DNSSEC at our
caching resolvers. I have setup Bind 9.7.0-P1-1 at the border and
basically it is working fine. What i have not managed is to
On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote:
Sorry for being unclear. We want the SERVFAIL as it should be for
invalid DNSSEC data *in all cases* eg. even if a client ask with the
cdflag (checking disable) set.
CD means don't check, so you can't by definition.
AlanC
signature.asc
Zitat von Alan Clegg acl...@isc.org:
On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote:
Sorry for being unclear. We want the SERVFAIL as it should be for
invalid DNSSEC data *in all cases* eg. even if a client ask with the
cdflag (checking disable) set.
CD means don't check, so you can't by
In article mailman.265.1285967251.555.bind-us...@lists.isc.org,
lst_ho...@kwsoft.de wrote:
Zitat von Alan Clegg acl...@isc.org:
On 10/1/2010 4:50 PM, lst_ho...@kwsoft.de wrote:
Sorry for being unclear. We want the SERVFAIL as it should be for
invalid DNSSEC data *in all cases* eg.
8 matches
Mail list logo