Re: [Pdns-users] DH and SSL Problems

2015-05-20 Thread Aki Tuomi
On Thu, May 21, 2015 at 08:08:24AM +0200, bert hubert wrote:
> Dean,
>
> I think you ended up on the wrong mailing list! Sadly DNS does not employ
> any DH exchanges right now..
>
> Bert

In fact TKEY defines DH Key Exchange protocol, not sure if anyone is actually implementing it.

Aki

Re: [Pdns-users] DH and SSL Problems

2015-05-20 Thread bert hubert
Dean, I think you ended up on the wrong mailing list! Sadly DNS does not employ any DH exchanges right now.. Bert > It seems there is some issue with DH. Details are available in the > usual places. > > This website is getting posted around the place. Perhaps someone can > send in exim

[Pdns-users] DH and SSL Problems

2015-05-20 Thread Dean Hamstead
It seems there is some issue with DH. Details are available in the usual places. This website is getting posted around the place. Perhaps someone can send in exim details? https://weakdh.org/sysadmin.html Also perhaps the Debian wiki? https://wiki.debian.org/Exim Dean

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Peter Thomassen
Hi Pieter, On 05/20/2015 01:42 PM, Pieter Lexis wrote: > On 05/20/2015 01:31 PM, Peter Thomassen wrote: >> Yes, I saw that. However, I am using PowerDNS 3.3 on the slaves, so that >> can't be it ... > > Is the zone on the slave set to pre-signed? If not, PowerDNS ignores > in-zone RRSIGs and othe

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Pieter Lexis
Hi Peter, On 05/20/2015 01:31 PM, Peter Thomassen wrote: Yes, I saw that. However, I am using PowerDNS 3.3 on the slaves, so that can't be it ... Is the zone on the slave set to pre-signed? If not, PowerDNS ignores in-zone RRSIGs and other DNSSEC related data. You can set this by running `pd

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Leen Besselink
On Wed, May 20, 2015 at 01:34:59PM +0200, Peter Thomassen wrote: > Hi Leen, > > On 05/20/2015 12:32 PM, Leen Besselink wrote: > >> # these failed: > >> dig @ns1.desec.io +dnssec +norec desec.io DNSKEY > >> dig @ns1.desec.io +dnssec +norec desec.io A > >> > >> Here is a working example with an RRSI

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Peter Thomassen
Hi Leen, On 05/20/2015 12:32 PM, Leen Besselink wrote: >> # these failed: >> dig @ns1.desec.io +dnssec +norec desec.io DNSKEY >> dig @ns1.desec.io +dnssec +norec desec.io A >> >> Here is a working example with an RRSIG for the DNSKEY query: [...] > As we can see, no RRSIG-record on your domain, my

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Peter Thomassen
Hi Leen, Thank you for your quick reply! On 05/20/2015 12:39 PM, Leen Besselink wrote: > Just had a quick look at the docs. What version are you running ? Did you see > this ?: > > "When using slaves that AXFR your signed zones, be sure that your slaves > actually support serving DNSSEC. Some

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Leen Besselink
Hi Peter, Just had a quick look at the docs. What version are you running ? Did you see this ?: "When using slaves that AXFR your signed zones, be sure that your slaves actually support serving DNSSEC. Some servers will gladly AXFR a signed zone, but not perform DNSSEC processing on it. This g

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Leen Besselink
On Wed, May 20, 2015 at 12:26:50PM +0200, Leen Besselink wrote: > On Wed, May 20, 2015 at 12:16:02PM +0200, Peter Thomassen wrote: > > Dear experts, > > > > I'm sorry to bug you again, but I am still stuck with deploying DNSSEC > > for desec.io, and I'd like to ask for your help once more. > > >

Re: [Pdns-users] DNSSEC trouble

2015-05-20 Thread Leen Besselink
On Wed, May 20, 2015 at 12:16:02PM +0200, Peter Thomassen wrote: > Dear experts, > > I'm sorry to bug you again, but I am still stuck with deploying DNSSEC > for desec.io, and I'd like to ask for your help once more. > > I have a hidden primary which does the signing in live mode (MySQL > backend

[Pdns-users] DNSSEC trouble

2015-05-20 Thread Peter Thomassen
Dear experts, I'm sorry to bug you again, but I am still stuck with deploying DNSSEC for desec.io, and I'd like to ask for your help once more. I have a hidden primary which does the signing in live mode (MySQL backend), and two public nameservers ns1.desec.io and ns2.desec.io which receive the z