Displaying 19 results from an estimated 19 matches for "dnskey".
2016 Jun 02
2
unbound and ntp issuse
Default install with local_unbound and ntpd can't be functional with
incorrect date/time in BIOS:
Unbound requred correct time for DNSSEC check and refuseing queries
("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN")
ntpd don't have any numeric IP of ntp servers in ntp.conf -- only
symbolic names like 0.freebsd.pool.ntp.org, as result -- can't
resolve (see above, about DNSKEY).
IMHO, ntp.conf need to include some numeric IP of public ntp servers.
# date
Tue Jul...
2016 Jun 02
2
unbound and ntp issuse
Default install with local_unbound and ntpd can't be functional with
incorrect date/time in BIOS:
Unbound requred correct time for DNSSEC check and refuseing queries
("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN")
ntpd don't have any numeric IP of ntp servers in ntp.conf -- only
symbolic names like 0.freebsd.pool.ntp.org, as result -- can't
resolve (see above, about DNSKEY).
IMHO, ntp.conf need to include some numeric IP of public ntp servers.
# date
Tue Jul...
2011 Oct 04
11
Concat::Fragment collection broken in 2.7.5
...grade to 2.7.5 I keep getting an error on fragment
collection.
The code is like below:
@@concat::fragment{ "${name}" :
target => "/etc/bind/named.conf.keys",
content => template("dns/named.conf.keys.erb"),
order => 10,
tag => ''dnskey''
}
Concat::Fragment <<| tag == ''dnskey'' |>>
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Could not find type Concat::Fragment on node
Is anybody facing the same kind of issue ?
--
Bruno
--
You received this message because...
2020 Mar 25
2
CentOS 6.10 bind DNSSEC issues
...? validating @0xb48fdcd0:
dlv.isc.org NSEC: verify failed due to bad signature (keyid=64263):
RRSIG has expired
25-Mar-2020 16:26:25.828 dnssec: info:?? validating @0xb48fdcd0:
dlv.isc.org NSEC: no valid signature found
25-Mar-2020 16:29:05.075 dnssec: info: validating @0xb473dc48:
dlv.isc.org DNSKEY: verify failed due to bad signature (keyid=19297):
RRSIG has expired
25-Mar-2020 16:29:05.075 dnssec: notice: validating @0xb473dc48:
dlv.isc.org DNSKEY: unable to find a DNSKEY which verifies the DNSKEY
RRset and also matches a trusted key for 'dlv.isc.org'
25-Mar-2020 16:29:05.075 dnss...
2020 Mar 25
0
CentOS 6.10 bind DNSSEC issues
...rg NSEC: verify failed due to bad signature (keyid=64263):
> RRSIG has expired
> 25-Mar-2020 16:26:25.828 dnssec: info:???????? validating @0xb48fdcd0:
> dlv.isc.org NSEC: no valid signature found
>
> 25-Mar-2020 16:29:05.075 dnssec: info: validating @0xb473dc48:
> dlv.isc.org DNSKEY: verify failed due to bad signature (keyid=19297):
> RRSIG has expired
> 25-Mar-2020 16:29:05.075 dnssec: notice: validating @0xb473dc48:
> dlv.isc.org DNSKEY: unable to find a DNSKEY which verifies the DNSKEY
> RRset and also matches a trusted key for 'dlv.isc.org'
> 25-M...
2018 Apr 30
0
Named log question
Is this mis-configuration, or just noise in my log?
??? 29-Apr-2018 00:50:26.056 general: warning: managed-keys-zone: No
DNSKEY RRSIGs found for '.': success: 1 Time(s)
??? 29-Apr-2018 00:50:26.120 general: warning: managed-keys-zone: No
DNSKEY RRSIGs found for 'dlv.isc.org': success: 1 Time(s)
-chuck
--
ACCEL Services, Inc.| Specialists in Gravity, Magnetics | (713)993-0671 ph.
|...
2015 Jan 03
3
Lost hotmail
...ng list operator can fix "well", and
it's mainly based on the fact that DMARC was designed in a vacuum of
anyone who actually understands mailing lists and/or anyone who uses or
cares about them.
http://wiki.list.org/pages/viewpage.action?pageId=17891458
The summary here is that the DNSKEY that Yahoo signs the message with
(and has nothing to do with SPF as was suggested above) is invalidated
by the mailing list's need to comply with legalities of needing a footer
with unsubscribe information, etc. By altering the message (as sent by
yahoo) the checksum no longer matches and whe...
2013 Jun 09
7
[Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
Bug ID: 2119
Summary: SSHFP with DNSSEC ? no trust anchors given, validation
always fails
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2018 Oct 11
1
Issue with latest update of CentOS6
Hello,
after I did update all my CentOS6 boxes - VMs and router; two of them
(one VM and the router) are my local DNS resolvers;
and I'm using the DNSSECTLSAvalidator plugin from nic.cz:
https://www.dnssec-validator.cz/
before the update this plugin worked using my resolvers, after the
update I get:
"Failure - bogus DNSSEC reply, DNSSEC validation not possible with
current
2004 Mar 25
0
ANNOUNCEMENT: NSD 2.0.2 released
This release is a bug fix release.
Please see the README document for configuration and installation
instructions.
You can download NSD from http://www.nlnetlabs.nl/nsd/
NSD 2.0.2 release notes:
BUG FIXES:
- Allow the use of a mnemonic for the algorithm field of a
DNSKEY record.
- Behavior of the zonec -v flag has been modified. By default
zonec will only print a single line with a summary of the
error count.
- Bug #75: Fixed typo in previous "fix".
2015 Jan 03
0
Lost hotmail
...ll", and
> it's mainly based on the fact that DMARC was designed in a vacuum of
> anyone who actually understands mailing lists and/or anyone who uses or
> cares about them.
>
> http://wiki.list.org/pages/viewpage.action?pageId=17891458
>
> The summary here is that the DNSKEY that Yahoo signs the message with
> (and has nothing to do with SPF as was suggested above) is invalidated
> by the mailing list's need to comply with legalities of needing a footer
> with unsubscribe information, etc. By altering the message (as sent by
> yahoo) the checksum no lo...
2019 Dec 27
0
bind problems
...s (serial 2016121200)
27-Dec-2019 23:20:21.227 notify: info: zone ixsdns.de/IN: sending
notifies (serial 2018010102)
*27-Dec-2019 23:20:28.434 dnssec: info: validating ./NS: got insecure
response; parent indicates it should be secure*
27-Dec-2019 23:20:28.444 general: warning: managed-keys-zone: No DNSKEY
RRSIGs found for '.': success
27-Dec-2019 23:20:29.219 dnssec: info: validating ./NS: no valid
signature found
27-Dec-2019 23:20:29.714 dnssec: info:?? validating ./SOA: got insecure
response; parent indicates it should be secure
27-Dec-2019 23:20:29.957 dnssec: info: validating ./NS: no va...
2016 May 10
3
CentOS 6 as DNS-Server
...these days I added a few zones needed for DDNS; this works
but in /etc/ I found quite a strange file, I'm not sure if it was in use
at the beginning I used this system as a DNS-Server, and after several
'yum update'
not any more;
/etc/named.root.key with this content
managed-keys {
# DNSKEY for the root zone.
# Updates are published on root-dnssec-announce at icann.org
. initial-key 257 3 8
"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
X6RS6CXpoY68LsvPVjR0...
2018 Jan 22
0
DNS issues after upgrade
...smb.conf and named.conf for your
reference.
Few things I wish to clarify here.
1. We have installed the samba on CentOS 7.4 not on Debian OS. As,
packages from repositories are of version 4.3 and 4.4, we have used
sources, compiled & installed the package.
2. named.log had an entry "DNSKEY (.) could not be obtained, Time Out".
But named-checkconf did not return any errors.
3. We did run dbcheck and dbcheck --cross-ncs. It threw some erros. We
fixed it. Yet, DNS could not resolve.
We are now simulating the production environment in our testing virtual
machines. We are trying...
2015 Jan 03
0
Lost hotmail
On Fri, Jan 2, 2015 at 3:43 PM, Geert Stappers <stappers at stappers.nl> wrote:
> On Sat, Dec 27, 2014 at 05:07:04PM +0100, Geert Stappers wrote:
>> On Mon, Dec 22, 2014 at 11:06:58AM +0200, Ady wrote:
>> > > On Sun, Dec 21, 2014 at 12:21:32PM -0800, Patrick Masotta wrote:
>> > > > [ ... Failed to build gnu-efi. ... ]
>> >
>> > For some
2018 Jan 22
2
DNS issues after upgrade
Hi Anantha,
> The upgrade from 4.6.5 broke all the servers. Although the services were
> running and there is no error message, DNS resolution failed. Even from
> inside the domain controllers, DNS queries failed.
>
> Samba Version 4.7.1 and Named Version 9.9.4. The same issue happened
> with samba version 4.7.3 and 4.7.4
>
> We had to revert back to 4.6.5 to bring the
2013 Jul 10
4
nsd can't bind udp socket: Address already in use
Greetings,
Unbound 1.4.20
OS X 10.8.4 - Server
NSD 3.2.15
I have installed 'unbound' and it works nicely on my client (test
purpose) - Client is MacBook Air.
I have installed NSD (will be in replacement of BIND) on said client.
All is good but when i try to start NSD
Error --> nsd can't bind udp socket: address already in use.
Everything is configured to bind to 127.0.0.1.
#
2015 Jan 02
4
Lost hotmail
On Sat, Dec 27, 2014 at 05:07:04PM +0100, Geert Stappers wrote:
> On Mon, Dec 22, 2014 at 11:06:58AM +0200, Ady wrote:
> > > On Sun, Dec 21, 2014 at 12:21:32PM -0800, Patrick Masotta wrote:
> > > > [ ... Failed to build gnu-efi. ... ]
> >
> > For some reason I have not received the original email from Patrick
> > Masotta in my inbox, so I am using the
2020 Feb 15
0
Teo En Ming's Manual for Setting Up Samba 4.11.6 and CentOS 8.1 (1911) Linux Server QEMU/KVM Virtual Machine as an Active Directory Domain Controller (AD DC)
....0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 15 09:28:54 dc1 named[3673]: all zones loaded
Feb 15 09:28:54 dc1 named[3673]: running
Feb 15 09:28:54 dc1 systemd[1]: Started Berkeley Internet Name Domain (DNS).
Feb 15 09:29:04 dc1 named[3673]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Feb 15 09:29:04 dc1 named[3673]: resolver priming query complete
I still cannot find the mandatory DNS records. Re-provisioning Samba AD DC again.
# cd /usr/local/samba/etc
# mv smb.conf smb.conf.bak
# samba-tool domain provision --use-rfc2307 --interactive
Realm [TE...