Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread leen
On 2016-01-06 20:42, Nicholas Williams wrote: I'll look into that other script. Thanks, Bert. How about creating a separate sub-zone with a broken presigned DNSSEC You can set presigned for just that single zone using the PRESIGNED domain metadata[1] in your database. I really like th

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Michael Loftis
(inline) On Wed, Jan 6, 2016 at 11:42 AM, Nicholas Williams wrote: > I'll look into that other script. Thanks, Bert. > >> How about creating a separate sub-zone with a broken presigned DNSSEC > >> You can set presigned for just that single zone using the PRESIGNED domain >> metadata[1] in your

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Nicholas Williams
I'll look into that other script. Thanks, Bert. > How about creating a separate sub-zone with a broken presigned DNSSEC > You can set presigned for just that single zone using the PRESIGNED domain metadata[1] in your database. I really like this idea in combination. That documentation that Pi

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Pieter Lexis
Hi Nick, On Wed, 6 Jan 2016 13:26:59 -0600 Nicholas Williams wrote: > Yea, but that's the rub. I want to do this WITHOUT 'presigned zones.' > I want everything else to be live-signed (because it's SO much easier > than presigning), and only munge this one subdomain's RRSIGs. You can set presign

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread bert hubert
On Wed, Jan 06, 2016 at 01:26:59PM -0600, Nicholas Williams wrote: > I'm looking into using a postresolve Lua script for this, as Aki suggested, > because it sounds like that's likely the only way to do what I want. I > found this sample, which is pretty helpful: Well - the reason you can't find t

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread leen
On 2016-01-06 20:26, Nicholas Williams wrote: Yea, but that's the rub. I want to do this WITHOUT 'presigned zones.' I want everything else to be live-signed (because it's SO much easier than presigning), and only munge this one subdomain's RRSIGs. How about creating a separate sub-zone with
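
The sub-zone approach leen suggests here, combined with the PRESIGNED domain metadata Pieter Lexis points at further down, as an added example that is not code from the thread or from the PowerDNS project. It assumes the PowerDNS 3.4 gmysql schema (tables domains, records, domainmetadata), a live-signed parent named example.com that already has an ns1.example.com host, and a sub-zone named broken.example.com; the key tag 12345, the base64 key and signature material, the DS digest and the address 192.0.2.66 are constructed placeholders.

```sql
-- Added example (not from the thread): carve broken.example.com out of the
-- live-signed parent example.com as a separate PRESIGNED sub-zone whose
-- RRSIGs are deliberate junk. All key, signature and digest material below
-- is constructed and invalid by design. Schema: PowerDNS 3.4 gmysql.

-- 1. Create the sub-zone and look up the parent.
INSERT INTO domains (name, type) VALUES ('broken.example.com', 'NATIVE');
SET @child  := LAST_INSERT_ID();
SET @parent := (SELECT id FROM domains WHERE name = 'example.com');

-- 2. Mark only this zone as presigned. PowerDNS then serves whatever
--    DNSKEY/RRSIG/NSEC* rows exist in `records` for it and signs nothing,
--    while every other zone stays live-signed as before.
INSERT INTO domainmetadata (domain_id, kind, content)
VALUES (@child, 'PRESIGNED', '1');

-- 3. Child zone data. The DNSKEY and RRSIG rdata are syntactically valid
--    (RFC 4034 presentation format: type, algorithm, labels, original TTL,
--    expiration, inception, key tag, signer, signature), but the base64 key
--    and signature are garbage, so a validating resolver must call the
--    zone bogus. RRsets left without an RRSIG would be bogus as well.
INSERT INTO records (domain_id, name, type, content, ttl, auth) VALUES
(@child, 'broken.example.com', 'SOA',
 'ns1.example.com. hostmaster.example.com. 2016010601 3600 900 1209600 300',
 3600, 1),
(@child, 'broken.example.com', 'NS', 'ns1.example.com.', 3600, 1),
(@child, 'broken.example.com', 'A',  '192.0.2.66', 3600, 1),
(@child, 'broken.example.com', 'DNSKEY',
 '257 3 8 AwEAAcJUNKJUNKJUNKJUNKJUNKJUNKJUNKJUNKJUNKJUNKJUNKJUNKJU', 3600, 1),
(@child, 'broken.example.com', 'RRSIG',
 'DNSKEY 8 3 3600 20260106000000 20160106000000 12345 broken.example.com. Zm9vYmFyYmF6Cg==',
 3600, 1),
(@child, 'broken.example.com', 'RRSIG',
 'A 8 3 3600 20260106000000 20160106000000 12345 broken.example.com. Zm9vYmFyYmF6Cg==',
 3600, 1);

-- 4. Delegate from the parent. The parent is live-signed, so PowerDNS signs
--    this DS itself and the chain of trust points at the junk child key.
--    The digest is a placeholder: replace it with one computed from the
--    child DNSKEY (for example with BIND's dnssec-dsfromkey) to exercise the
--    bad-RRSIG path specifically, or leave it mismatched, since a DS that
--    matches no child DNSKEY is bogus too. Delegation NS rows carry auth=0.
INSERT INTO records (domain_id, name, type, content, ttl, auth) VALUES
(@parent, 'broken.example.com', 'NS', 'ns1.example.com.', 3600, 0),
(@parent, 'broken.example.com', 'DS',
 '12345 8 2 0000000000000000000000000000000000000000000000000000000000000000',
 3600, 1);
```

After loading this, run the rectify step the thread already relies on (pdnsutil rectify-zone example.com) so the parent's ordername/auth columns cover the new delegation. From a validating resolver, `dig +dnssec broken.example.com A` should then return SERVFAIL, and the same query with `+cd` should hand back the junk-signed answer, which is the intended test signal.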

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Nicholas Williams
Yea, but that's the rub. I want to do this WITHOUT 'presigned zones.' I want everything else to be live-signed (because it's SO much easier than presigning), and only munge this one subdomain's RRSIGs. I'm looking into using a postresolve Lua script for this, as Aki suggested, because it sounds li

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread bert hubert
On Wed, Jan 06, 2016 at 12:46:38PM -0600, Nicholas Williams wrote: > Out of curiosity, what DOES PowerDNS do if it finds both an A and an > RRSIG record for a.b.c.com in the database? Hi Nicholas, To answer both your messages in one go, if you run with 'presigned zones', PowerDNS will use the

Re: [Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Nicholas Williams
Out of curiosity, what DOES PowerDNS do if it finds both an A and an RRSIG record for a.b.c.com in the database? Nick On Wed, Jan 6, 2016 at 12:33 PM, Aki Tuomi wrote: > The code does not support this but you might be able to use postresolve > Lua hook to break the reply signature. > > --- >

[Pdns-users] Setting up intentionally invalid DNSSEC record in auto-secure environment

2016-01-06 Thread Nick Williams
Hi all, We're running a PowerDNS 3.4.6 installation with the MySQL backend, and we’re using pdnsutil secure-zone/set-nsec3/rectify-zone to automatically secure all of our domains (the least-effort method, instead of manually signing everything). It works great. Thanks for the excellent software