> On 26 Mar 2020, at 08:04, Havard Eidnes via bind-users
> wrote:
>
>> This was an accident - we did *not* do this on purpose - but infact,
>> this is a good time for anyone who still has dlv.isc.org configured
>> to REMOVE it from your BIND configuration.
>
> This advice may be
> This was an accident - we did *not* do this on purpose - but infact,
> this is a good time for anyone who still has dlv.isc.org configured
> to REMOVE it from your BIND configuration.
This advice may be misunderstood. Use of dlv.isc.org is usually
implied, not explicitly stated in named.conf,
We apparently let our signatures on dlv.isc.org expire. We are fixing it now.
We apologize for this.
This was an accident - we did *not* do this on purpose - but infact, this is a
good time for anyone who still has dlv.isc.org configured to REMOVE it from
your BIND configuration. The zone is
In message 4d0f00dd.9060...@data.pl, Torinthiel writes:
On 12/20/10 01:32, Mark Andrews wrote:
In message 4d0e8340.9060...@data.pl, Torinthiel writes:
Hello everyone,
I've recently updated bind to version 9.7.2_p3.
Upgraded from what?
From 9.4.3_p5
I've
On Dec 19 2010, Torinthiel wrote:
Hello everyone,
I've recently updated bind to version 9.7.2_p3.
I've been using DLV before that, specifically dlv.isc.org, with two
entries in named.conf
options {
dnssec-lookaside . trust-anchor dlv.isc.org.;
};
trusted-keys{
[sometext]
};
and it was
On 12/20/10 01:32, Mark Andrews wrote:
In message 4d0e8340.9060...@data.pl, Torinthiel writes:
Hello everyone,
I've recently updated bind to version 9.7.2_p3.
Upgraded from what?
From 9.4.3_p5
I've been using DLV before that, specifically dlv.isc.org, with two
entries
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views?
Sure, just do it the old way, without dnssec-lookaside auto.
Put these in the view statement:
dnssec-lookaside . trust-anchor dlv.isc.org;
trusted-keys {
On 18/07/2010 17:58:15, Evan Hunt wrote:
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views?
Sure, just do it the old way, without dnssec-lookaside auto.
Put these in the view statement:
dnssec-lookaside . trust-anchor
On Sun, Jul 18, 2010 at 3:28 PM, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
Think I'll just drop the external-chaos view. Some script kiddie
working out I'm running the latest version of bind is likely to be lower
risk and a lot less harmful than dealing with broken dnssec chains of
On 07/18/10 12:28, Matthew Seaman wrote:
Think I'll just drop the external-chaos view. Some script kiddie
working out I'm running the latest version of bind is likely to be lower
risk and a lot less harmful than dealing with broken dnssec chains of trust.
I agree, and to take it one step
Well, it's a better work around than what I have been doing, but not
having the RFC 5011 behaviour is quite a disappointment. Now I have
presentiments of disaster should the DLV key have to be rolled for
whatever reason.
Sorry, I misunderstood your question--I thought you wanted to know how
11 matches
Mail list logo
