Yes I read it, but pdnsutil secure-zon/e/// DOES NOT have any option to
choose algorithm
Can't you just tell me in a simple way how to choose algorithm ?
/ Daniel
Den 2017-11-30 kl. 20:41, skrev bert hubert:
On Thu, Nov 30, 2017 at 08:28:10PM +0100, Daniel Eriksson wrote:
Hi all!
pdnsuti
On Thu, Nov 30, 2017 at 08:28:10PM +0100, Daniel Eriksson wrote:
> Hi all!
>
> pdnsutil secure-zone is creating algorithm 13.
>
> How can I do to make it to create algorithm 5 or 8 instead?
Daniel,
Can I please ask you to read the documentation. We spent a lot of time
writing it. You send us me
Hi all!
pdnsutil secure-zone is creating algorithm 13.
How can I do to make it to create algorithm 5 or 8 instead?
Kind regards,
Daniel
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-us
Hi,
accordingly to this https://tools.ietf.org/html/rfc4034#section-5.1.3
the digest should be quote: "a 20 octet digest"
27425
13
2
49FD46E6C4B45C55D4AC
So the digest above, 49FD46E6C4B45C55D4AC should be a 20 octet
But where can I find this 20 octet digest in my powerdns?
It's not in pd
Hi Daniel,
Pushing this back to the mailing list, please send replies there.
On Thu, 30 Nov 2017 17:22:15 +0100
Daniel Eriksson wrote:
> Thanks for your reply!
>
> I tried now with egenblog.se correctly and with the DNSKEY instead but I
> think it's like you are saying, it might be that
>
>
Hi,
I did something similar ti implement RPZ like functionality before PDNS had
proper RPZ support and didn't notice any significant impact that was with a
list of a few thousand records we where checking and seeing a few thousand QPS.
So it'll make a bit of difference but depending on how bus
Hello Daniel,
On Thu, 30 Nov 2017 16:23:53 +0100
Daniel Eriksson wrote:
> On a zone I get the following result from pdnsutil show-zone
> [...]
> Now I'm sending the following command to the IIS Epp server choosing the
> SHA256 digest :
> [ ... ]
> But this has no effect, the domain is still uns
Hi all!
On a zone I get the following result from pdnsutil show-zone
ID = 3 (CSK), flags = 257, tag = 27425, algo = 13, bits = 256 Active
( ECDSAP256SHA256 )
CSK DNSKEY = domain.se. IN DNSKEY 257 3 13
6TPW2LtkyHxnp6seozCgy30K1de6VyjdhRj9bojnM2lnEx7mp27A0nGs/tEoIOL4zD/I34gppG0+8WCvZbUmlA==
Il Thu, 30 Nov 2017 14:51:46 +0100
Remi Gacogne ha scritto:
> Hi Mario,
Hi Remi,
Thank you for the reply,
>
> On 11/30/2017 11:52 AM, Mario Caruso wrote:
> > I am trying to write a lua rule to somehow filter/capture
> > the wpad like dq.qname (http://allievi.sssup.it/techblog/archives/81)
>
On Thu, Nov 30, 2017 at 02:43:40PM +0100, Daniel Eriksson wrote:
> How can I run powerdns with pre-signed dnssec zones, without the need to
> sign every single zone v4.0?
You don't need to sign all zones. In fact, you must tell PowerDNS which ones
to sign. It will not autosign all of them.
> Do i
Hi Mario,
On 11/30/2017 11:52 AM, Mario Caruso wrote:
> I am trying to write a lua rule to somehow filter/capture
> the wpad like dq.qname (http://allievi.sssup.it/techblog/archives/81)
>
> in my test environment (debian stretch and recursor version
> 4.1.0~rc3-1pdns.stretch) I have this rule
How can I run powerdns with pre-signed dnssec zones, without the need to
sign every single zone v4.0?
Do i need afxr transfer to slaves, or can I use my current mysql
replication?
I can't find any info on this or what to change in the config.
Kind regards,
Daniel
___
Hello everyone,
Version 4.1 is a major upgrade for the Authoritative Server, delivering
improvements and speedups developed and tested over the past 12 months. Many
large scale deployments have already migrated to this release because even
unreleased, it was a better nameserver than 4.0.x (alth
Greetings,
I am trying to write a lua rule to somehow filter/capture
the wpad like dq.qname (http://allievi.sssup.it/techblog/archives/81)
in my test environment (debian stretch and recursor version
4.1.0~rc3-1pdns.stretch) I have this rule :
-- US-CERT TA16-144A.
if (dq.qname:isPart
14 matches
Mail list logo
