DNSSEC key rollover

2015-01-19 Thread John
I wrote myself a small bash script to handle ZSK rollover; it might handle KSK, but I have tried it. All it does is set up for a DNSSEC-keygen. My idea is to automatically pick a ZSK and use it as the base for the next key set, as per the -S param in DNSSEC-keygen. The only real additions are t

Re: DNSSEC

2015-01-19 Thread John
DNSSEC-DEPLOYMENT was recently moved to a new server in a different organization. Things are supposed to be progressing, but it seems to be taking forever to get things like list management up. Last post I saw said mid-January. That should mean about now. -- R. Kevin Oberman, Network Engineer

Re: also-notify with multiple occurrences of same IP address

2015-01-19 Thread Graham Clinch
On 19/01/2015 19:10, Evan Hunt wrote: > On Mon, Jan 19, 2015 at 05:56:52PM +, Graham Clinch wrote: >> I think this is down to an optimisation in lib/dns/zone.c which checks >> whether a notification is already queued to the same 'dst' address, >> ignoring whether the key differs (roughly line 9

Re: also-notify with multiple occurrences of same IP address

2015-01-19 Thread Evan Hunt
On Mon, Jan 19, 2015 at 05:56:52PM +, Graham Clinch wrote: > I think this is down to an optimisation in lib/dns/zone.c which checks > whether a notification is already queued to the same 'dst' address, > ignoring whether the key differs (roughly line 9990?). > > Is this the 'correct' behaviour

also-notify with multiple occurrences of same IP address

2015-01-19 Thread Graham Clinch
Hi List, Using BIND 9.9, I am trying to notify two different slave views on the same host using TSIG keys as the differentiator: also-notify { 127.0.0.1 key slave1; 127.0.0.1 key slave2; }; It appears that only the first (slave1) receives a notify. If I change the second address to a different

Re: Trying to define an "in-view" zone without success

2015-01-19 Thread Tony Finch
Alain Fontaine wrote: > view "interne" { > match-clients { clients-internes; }; > allow-query { clients-internes; }; > zone testzone.net { > type slave; > file "slave.int/net.testzone"; > masters { address_of_master; }; > }; > }; >

Re: reject invalid dns queries

2015-01-19 Thread Alan Clegg
On 1/19/15 9:14 AM, Daniel Dawalibi wrote: > Invalid DNS queries: non-existent domains that do not resolve to any > IP as mentioned in the below example. We are trying to protect our > DNS servers from a number of invalid dns queries targeting our > caching server and originated from different so

Re: reject invalid dns queries

2015-01-19 Thread Matus UHLAR - fantomas
On 19.01.15 16:14, Daniel Dawalibi wrote: Invalid DNS queries: non-existent domains that do not resolve to any IP as mentioned in the below example. You'd better not use this definition. We are trying to protect our DNS servers from a number of invalid dns queries targeting our caching

Trying to define an "in-view" zone without success

2015-01-19 Thread Alain Fontaine
Running BIND 9.10.1-P1, I am trying to use the new 'in-view' option. Here is a digest of the configuration: acl "clients-internes" { list_of_inside_addresses; }; view "interne" { match-clients { clients-internes; }; recursion yes; allow-query { clients-internes; }

RE: reject invalid dns queries

2015-01-19 Thread Daniel Dawalibi
Hello, Invalid DNS queries: non-existent domains that do not resolve to any IP as mentioned in the below example. We are trying to protect our DNS servers from a number of invalid dns queries targeting our caching server and originated from different source IPs. Is there any way to drop these r