Re: recover missing journal files from running server

2014-07-10 Thread Phil Pennock
On 2014-07-10 at 12:33 -0400, Phil Pennock wrote:
> Folks, in a moment of gross stupidity I added "--delete-delay" to an
> rsync invocation in a deploy script, to remove master zonefiles from
> the server which are no longer needed. I forgot that the DNSSEC
> auto-maintai

recover missing journal files from running server

2014-07-10 Thread Phil Pennock
Folks, in a moment of gross stupidity I added "--delete-delay" to an rsync invocation in a deploy script, to remove master zonefiles from the server which are no longer needed. I forgot that the DNSSEC auto-maintain journal files are in that directory too. Seeing little things like this: del

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Phil Pennock
On 2014-05-29 at 00:59 -0400, Phil Pennock wrote:
> The new DNSKEY had id=33768 and when I deployed it, Bind signed the SOA
> with it but nothing else.

Bind 9.10 ARM (PDF-only??): "However, if the new key is replacing an existing key of the same algorithm, then the zone will b

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Phil Pennock
On 2014-05-28 at 13:02 +1000, Mark Andrews wrote:
> If you want to finish transitioning to RSASHA256 just generate a
> zone signing key RSASHA256. Named will sort things out. You may
> end up with 3 sets of signatures for a while. Don't worry about
> it.

The new DNSKEY had id=33768 and when I d

Re: KSK signing all records; NSEC3 algorithm status?

2014-05-28 Thread Phil Pennock
On 2014-05-28 at 13:02 +1000, Mark Andrews wrote:
> In message <20140528012734.ga55...@redoubt.spodhuis.org>, Phil Pennock writes:
> > The registrar for my zone "xn--qck5b9a5eml3bze.jp" required a DNSSEC
> > KSK update; good practice on their part.
>
> For mos

KSK signing all records; NSEC3 algorithm status?

2014-05-27 Thread Phil Pennock
The registrar for my zone "xn--qck5b9a5eml3bze.jp" required a DNSSEC KSK update; good practice on their part. My first rollover, though. I've ended up with all records being signed by the new KSK, apparently through an algorithm mismatch, and I'm no

Re: 9.8 controls stmt ignores second key?

2012-06-08 Thread Phil Pennock
On 2012-06-08 at 15:36 +1000, Mark Andrews wrote:
> Apply the following. It should work
>
> diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
[...]

Confirmed, works for me, thank you!
-Phil

9.8 controls stmt ignores second key?

2012-06-07 Thread Phil Pennock
I upgraded bind today from 9.6 to 9.8.3-P1. One of my automated reloads is now failing. I've tracked this down to the second key in the controls configuration being ignored. If I swap the order of the keys, the second (now first) key is honoured, the other is not, so I know that both keys still