Hi Mark,
I think I found the problem. Seems Webmins code for handling the signing
was't dealing with NSEC3PARAM records properly. Essentially when merging
the signed records back in to the original host file it was only putting
NSEC, NSEC3 and RRSIG. It wasnt handling NSEC3PARAM at all. The zones
Please ignore the * in the copy pasted records. It seems the list converts
color text to be *TEXT* hehe
On 31 March 2017 at 00:11, J T wrote:
> Hi Mark,
>
> Thank you for responding. What do you mean by zone apex?
>
> If we assume one of the domains that fails to be seen as signed is "
> example
Hi Mark,
Thank you for responding. What do you mean by zone apex?
If we assume one of the domains that fails to be seen as signed is "
example.co.uk" then would the apex be the domain name with no prefixes ?
I've changed the domain name but this is part of what I have in my signed
zone file for
In message
, J T writ
es:
> Hi,
>
> I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ).
>
> I used Webmin to do the heavy lifting of signing/resigning etc.
>
> Only 2 of the 5 zones are recognised as (DNSSEC Signed) by BIND on
> restart/zone application and that fact is reported in the
Hi,
I have 5 signed zones ( 2 x .email, 2 x .com and 1 x .co.uk ).
I used Webmin to do the heavy lifting of signing/resigning etc.
Only 2 of the 5 zones are recognised as (DNSSEC Signed) by BIND on
restart/zone application and that fact is reported in the system logs.
I’m trying to work out why
5 matches
Mail list logo
