On Tue, Sep 24, 2019 at 03:15:42AM +, Evan Hunt wrote:
> Six years is a long time, I've probably forgotten a few.
Oh here's one: "dig +sigchase" is dead now, use "delv" to check DNSSEC
validation chains.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_
On Mon, Sep 23, 2019 at 08:16:43PM +, Jukka Pakkanen wrote:
> I am finally diging in to DNSSEC, updating out BIND 9.14.5 servers to
> support it, both resolving & signing, secure zone transfers etc.
>
> I just have read the DNSSEC Mastery by Michael W. Lucas from year 2013,
> and my question b
Jukka,
Some odds n ends in no particular order:
1. DNSSEC was designed for external zones
2. Use delv instead of dig when troubleshooting DNSSEC and play around with
these options:
+rtrace (resolver)
+vtrace (validation)
You want to see “fully validated”.
3. Commit these values to memory so
Already found out about
https://ftp.isc.org/isc/dnssec-guide/html/dnssec-guide.html, and that example
the dnssec-enable option is now on by default… but any usefull hints still
gladly received 😊
Jukka
Lähettäjä: bind-users Puolesta Jukka Pakkanen
Lähetetty: 23. syyskuuta 2019 22:17
Vastaano
I am finally diging in to DNSSEC, updating out BIND 9.14.5 servers to support
it, both resolving & signing, secure zone transfers etc.
I just have read the DNSSEC Mastery by Michael W. Lucas from year 2013, and my
question basically is, is this information from 6 years back still valid, or
hope
5 matches
Mail list logo
