Displaying 20 results from an estimated 1000 matches similar to: "DNSSEC"
2013 Mar 01
3
EDNS support
I am having problems with EDNS support on a few Centos 6.3 bind
servers. I am trying to determine if the problem is my Juniper SSG5
firewall of Centos.
All the servers have firewall enabled, though I have tested with
stopping iptables and ip6tables. I am using tests from:
https://www.dns-oarc.net/oarc/services/replysizetest
dig @localhost +short rs.dns-oarc.net txt
gets:
;; Truncated,
2008 Jul 30
3
Updated bind marked as vulnerable
Hi,
I have a Centos 4.6 machine that even tough has been updated with the latest
bind 9.2.4-28.0.1.el4 is marked as vulnerable by
https://www.dns-oarc.net/oarc/services/dnsentropy.
I have another machine which also uses that same distro and is not.
Do I have to do any other update?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2008 Jul 24
4
POOR: results using 'dig +short porttest.dns-oarc.net TXT'
What are the likely cockpit errors involved when getting POOR results
when running this test on an updated CentOS 5.2?
Kind regards/ldv
[root at shell ~]# dig +short porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"a.b.c.d is POOR: 26 queries in 1.3 seconds from 1 ports with std dev 0.00"
2012 Apr 09
2
R problem nls
Hi,
I will try to explain what it is I need to do, how far I am in doing it yet
and where my problem is:
I have a lot of x,y values I need to fit a non linear function through.
Subsequently, I need to find the intersection point of this fitted curve
with y=1.01
The problem is I have a lot of values so I want to be able to do it all at
once.
I already imported my excel file of the points I have
2009 Nov 18
2
local DNSSEC validation for 5.3p1
Attached is a patch that adds local DNSSEC validation to OpenSSH. See
the readme for more detail. Please direct any questions or comments to
users at dnssec-tools.org. Thanks..
--
Robert Story
Senior Software Engineer
SPARTA (dba Cobham Analytic Soloutions)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size:
2019 Jul 10
2
Samba and DNSSEC
Hi community,
we have tow DCs there works under domain babis.local
We are using unbound on our firewall for the interfaces as default DNS-Server.
Unbound is activated and has an overwrite from our AD-Domain babis.local to the DCs.
When DNSSEC is disabled on unbound, DNS-Queries to dc works perfect.
When DNSSEC is activated on unbound, DNS-Queries will be send to root DNS-Servers and i got
2019 Feb 13
2
DNSSEC Questions
Last weekend I had my DNSSEC keys expire. I discovered that they had
expired the hard way... namely randomly websites could not be found and
email did not get delivered. It seems that the keys were only valid for
what I estimate was about 30 days. It is a real PITA to have update the
keys, restart named and then update Godaddy with new digests.
The first part of the problem is fairly
2015 Dec 24
2
Centos7 poblems with dnssec-keygen
On 12/24/2015 03:50 PM, Alice Wonder wrote:
>
>
> On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
>> I am reading:
>>
>> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>>
>>
>> I have bind installed and default config running. I have not applied my
>> customizations yet. The first step I am taking is getting
2015 Dec 24
2
Centos7 poblems with dnssec-keygen
I am reading:
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
I have bind installed and default config running. I have not applied my
customizations yet. The first step I am taking is getting rndc.key
created. So reading the guide I am trying to run (while logged in as
root, and in /etc):
dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key
The system is just
2015 Jun 22
2
Small issue with DNSSEC / SSHFP
Hi,
I found a small issue with DNSSEC validation of SSHFP lookups. (For reference
I used OpenSSH 6.8p1 on FreeBSD 10.1).
The issues is that when DNSSEC valiation fails, ssh displays a confusing
message to the user. When DNSSEC validation of a SSHFP record fails, ssh
presents the user with
"Matching host key fingerprint found in DNS.
"Are you sure you want to continue connecting
2000 Aug 13
2
combining openSSH and DNSSEC
Hi everybody,
in a university project I started building DNSSEC features into the
current release of openSSH.
The openSSH client I modified now authenticates a server through DNSSEC.
I wanted to ask if there are already plans in the openSSH community to
integrate DNSSEC features.
I really enjoyed working with openSSH and would like to continue my work
and contribute it.
I am about to set up a
2009 Nov 18
11
[Bug 1672] New: add local DNSSEC validation
https://bugzilla.mindrot.org/show_bug.cgi?id=1672
Summary: add local DNSSEC validation
Product: Portable OpenSSH
Version: 5.3p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: robert.story
2020 Mar 25
2
CentOS 6.10 bind DNSSEC issues
Hi,
??? Anyone else had any issues with CentOS 6.10 bind DNS server issues
this afternoon.
At 16:26 (GMT) had alerts for DNS failures against our CentOS 6.10 bind
DNS servers
from our monitoring system.
Sure enough DNS requests via the server was failing, checking the
named.log showed
dnssec issues;
25-Mar-2020 16:26:10.285 dnssec: info: validating @0xb48b17c0:
push.services.mozilla.com
2019 Feb 13
3
DNSSEC Questions
On 2/12/19 10:55 PM, Alice Wonder wrote:
> DNSSEC keys do not expire. Signatures do expire. How long a signature
> is good for depends upon the software generating the signature, some
> lets you specify. ldns I believe defaults to 60 days but I am not sure.
>
> The keys are in DNSSKEY records that are signed by your Key Signing
> Key and must be resigning before the signature
2012 Jun 29
2
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Patch applied, thanks.
I still don't understand how it gets into this state since the space
should be allocated immediately beforehand:
if (rrset->rri_nsigs > 0) {
rrset->rri_sigs = calloc(rrset->rri_nsigs,
2011 Jul 20
1
auto-accept keys matching DNSSEC-validated SSHFP records
Hi,
I submitted a patch back in November of 2009 to add local validation of
DNSSEC record to openssh. I recent updated the patch for 5.8, and
figured I do a little marketing while I'm at it. :-)
Someone had previously submitted a patch which simply trusted the AD
bit in the response, which is susceptible to spoofing by anyone who can
inject packets between the resolver and the client. Our
2013 Jun 09
7
[Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
https://bugzilla.mindrot.org/show_bug.cgi?id=2119
Bug ID: 2119
Summary: SSHFP with DNSSEC ? no trust anchors given, validation
always fails
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2010 Feb 23
1
Plans for BIND and DNSSEC readiness
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
I've made a post to -arch regarding my plans for BIND in the base, along
with some information about getting ready for DNSSEC, including the
upcoming signing of the root zone. You can find the message at
http://lists.freebsd.org/pipermail/freebsd-arch/2010-February/009908.html.
If you have any feedback regarding any of these topics, please
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 7:26 PM, Paul R. Ganci wrote:
> Last weekend I had my DNSSEC keys expire. I discovered that they had
> expired the hard way... namely randomly websites could not be found and
> email did not get delivered. It seems that the keys were only valid for
> what I estimate was about 30 days. It is a real PITA to have update the
> keys, restart named and then update Godaddy
2016 Apr 27
0
DNSSEC / Security stats (forked from php thread)
I don't have a source, I'd have to dig through my browser history, but I
looked at some of these stats just last month.
Roughly 2% of the top 1000 domains in the United States had deployed
DNSSEC - which I *think* is double what it was a year ago.
Roughly 7% of ISP recursive DNS servers enforce DNSSEC.
Comcast does and Google's public DNS does. Those are the big ones that
enforce