Re: Bind as cache DNS and firewall

I would configure your firewall to -j DROP and not first -j LOG these packets. No need filling up your syslog with bogus queries. My guess is that there are some poorly configured remote firewalls. Jason Roysdon http://jason.roysdon.net/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC DS record generation for DOT-US from NSEC3 signed-zone

On 08/14/2010 12:43 AM, Matthew Seaman wrote: > On 14/08/2010 02:08, Jason Roysdon wrote: >> The problem I have is that my zone is using an NSEC3 and when BIND's >> dnssec-signzone generates dsset files, it does so with algorithm 7. How >> can I generate DS records with

DNSSEC DS record generation for DOT-US from NSEC3 signed-zone

c-signzone generates dsset files, it does so with algorithm 7. How can I generate DS records with NSEC3 keys, for algorithm 3 or 5 (NSEC) as Neustar requires? Thanks, Jason Roysdon http://jason.roysdon.net/ ___ bind-users mailing list bind-users@lis