Marc Lampo wrote:
> Sorry, I still cannot confirm the problem with Bind 9.7.3-P2 version ...
>
> 4 DS's in total,
> for each KSK 1 DS with SHA-1, one with SHA-2
> for one KSK, the algorithm used was changed from 5 to 8.
As I understand it the problem that Stephane reported occurred when the
sing
On Mon, May 09, 2011 at 03:33:21PM +0200,
Marc Lampo wrote
a message of 38 lines which said:
> 4 DS's in total,
> for each KSK 1 DS with SHA-1, one with SHA-2
> for one KSK, the algorithm used was changed from 5 to 8.
If I understand well, you have two KSK. In that case, yes, it should
work (
yer' [mailto:bortzme...@nic.fr]
Sent: 09 May 2011 01:52 PM
To: Marc Lampo
Cc: bind-users@lists.isc.org
Subject: Re: [DNSSEC] Resolver behavior with broken DS records
On Mon, May 09, 2011 at 01:41:08PM +0200,
Marc Lampo wrote
a message of 28 lines which said:
> So the "error" of
'Stephane Bortzmeyer' [mailto:bortzme...@nic.fr]
Sent: 09 May 2011 01:46 PM
To: Marc Lampo
Cc: bind-users@lists.isc.org
Subject: Re: [DNSSEC] Resolver behavior with broken DS records
On Mon, May 09, 2011 at 01:00:03PM +0200,
Marc Lampo wrote
a message of 47 lines which said:
> 1
On Mon, May 09, 2011 at 01:00:03PM +0200,
Marc Lampo wrote
a message of 47 lines which said:
> 1 correct DS record,
> 1 DS record, correct in everything but the algorithm
And one DS record hashed with SHA-1 and one hashed with SHA-2? This
was necessary to trigger the problem, because of RFC
On Mon, May 09, 2011 at 01:41:08PM +0200,
Marc Lampo wrote
a message of 28 lines which said:
> So the "error" of the mismatched must be in the SHA-2 DS records ?
Yes.
> And *not* in the SHA-1's ? Or in both ?
RFC 4509 section 3 gives a strong priority to SHA-2. So, there is no
symmetry: th
Hello,
Just tried with Bind 9.7.2-P3 (in our course environment for our DNSSEC
workshop).
I can *not* confirm this behaviour there :
1 correct DS record,
1 DS record, correct in everything but the algorithm
--> validating caching name servers nicely return answers with "AD" bit
set.
All name se
7 matches
Mail list logo
