-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/06/2010 18:49:44, Casey Deccio wrote:
> This has been fixed. The problem had to do with establishing a canonical
> ordering of RRs within an RRset for the purposes of verifying an RRSIG.
> dnspython's default comparison operators don't follow ca
On Wed, Jun 2, 2010 at 7:44 AM, Chris Thompson wrote:
> On Jun 2 2010, Matthew Seaman wrote:
>
> I'm DNSSEC enabling the .ip6.arpa zone for my IPv6 allocation and
>> registering it with dlv.isc.org. Using bind-9.7.0-p2 dnssec tools.
>>
>> Everything seems to be working well, but when I test usi
On Wed, Jun 2, 2010 at 8:40 AM, Paul Vixie wrote:
> Chris Thompson writes:
>
> > Nothing that I can see. Maybe dnsviz can't cope with multiple PTR
> > records in an RRset, as your first case has? (On the other hand it
> > handles multiple A records in forward zones OK.)
>
> to be fair, multiple
On Jun 2 2010, Matthew Seaman wrote:
I'm DNSSEC enabling the .ip6.arpa zone for my IPv6 allocation and
registering it with dlv.isc.org. Using bind-9.7.0-p2 dnssec tools.
Everything seems to be working well, but when I test using the Sandia
Labs dnsviz.net tool I get inconsistent results.
My m
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm DNSSEC enabling the .ip6.arpa zone for my IPv6 allocation and
registering it with dlv.isc.org. Using bind-9.7.0-p2 dnssec tools.
Everything seems to be working well, but when I test using the Sandia
Labs dnsviz.net tool I get inconsistent result
In message , itse
rvices88 writes:
>
> I heard that root zone will be signed (or is already signed), so what
> changes would be required with respect to the current additions of adding
> dlv.isc.org as trust anchor and its associated trusted key ? Do we need to
> keep the isc dlv ? or add a new k
Thanks for details.
-dani
On Fri, May 21, 2010 at 9:04 AM, Chris Thompson wrote:
> On May 21 2010, itservices88 wrote:
>
> I heard that root zone will be signed (or is already signed),
>>
>
> It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
>
>
>
On May 21 2010, itservices88 wrote:
I heard that root zone will be signed (or is already signed),
It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
so what
changes would be required with respect to the current add
I heard that root zone will be signed (or is already signed), so what
changes would be required with respect to the current additions of adding
dlv.isc.org as trust anchor and its associated trusted key ? Do we need to
keep the isc dlv ? or add a new key for the root ?
Thanks
-dani
On Thu, May 20
I missed the trusted key .. Thanks
Here is the other output
# dig +cd +dnssec dlv.isc.org dnskey @localhost
; <<>> DiG 9.6.2-P1-RedHat-9.6.2-3.P1.fc12 <<>> +cd +dnssec
dlv.isc.orgdnskey @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
In message , itse
rvices88 writes:
> Hi,
>
> Whenever i enable:
>
> dnssec-lookaside "." trust-anchor "DLV.ISC.ORG";
>
> in the named.conf, restart bind, the dns resolution stops. One the same FC12
> machine, dig using an outside dns server has no issues resolving with
> +dnssec option. I am us
Hi,
Whenever i enable:
dnssec-lookaside "." trust-anchor "DLV.ISC.ORG";
in the named.conf, restart bind, the dns resolution stops. One the same FC12
machine, dig using an outside dns server has no issues resolving with
+dnssec option. I am using bind 9.6.2 that came with FC12.
Any thoughts ?
-
12 matches
Mail list logo
