similar to: Centos7 poblems with dnssec-keygen

On 12/24/2015 03:50 PM, Alice Wonder wrote: > > > On 12/24/2015 12:40 PM, Robert Moskowitz wrote: >> I am reading: >> >> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html >> >> >> I have bind installed and default config running. I have not applied my >> customizations yet. The first step I am taking is getting

On 12/24/2015 12:40 PM, Robert Moskowitz wrote: > I am reading: > > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html > > I have bind installed and default config running. I have not applied my > customizations yet. The first step I am taking is getting rndc.key > created. So reading the guide I am trying to run (while logged in as > root, and

On 12/24/2015 12:54 PM, Robert Moskowitz wrote: > > Right now all I want working is rndc. dnssec will be worked on come > spring. > > With all I do in security, it bothers me that the Centos documentation > specifies MD5. Should be at least SHA1, if not SHA256. > > Oh okay I apoligize, I mis-read your post as asking about generating DNSSEC keys, due to the command name

On 2/12/19 10:55 PM, Alice Wonder wrote: > DNSSEC keys do not expire. Signatures do expire. How long a signature > is good for depends upon the software generating the signature, some > lets you specify. ldns I believe defaults to 60 days but I am not sure. > > The keys are in DNSSKEY records that are signed by your Key Signing > Key and must be resigning before the signature

Last weekend I had my DNSSEC keys expire. I discovered that they had expired the hard way... namely randomly websites could not be found and email did not get delivered. It seems that the keys were only valid for what I estimate was about 30 days. It is a real PITA to have update the keys, restart named and then update Godaddy with new digests. The first part of the problem is fairly

Hi I have a script to resign all DNS zones every two weeks. When i run the script from bash, it works like it should. But when it is executed in cron not. Its starting normal as cronjob: Feb 1 03:00:01 xxx CROND[20116]: (root) CMD (sh /opt/dnssec/resign_dnssec_zones.sh) But after i get a mail that everything is finsihed, but it isn't. 03:04:28 DNSSEC-Signierung abgeschlossen The script

https://bugzilla.mindrot.org/show_bug.cgi?id=2119 Bug ID: 2119 Summary: SSHFP with DNSSEC ? no trust anchors given, validation always fails Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

Thank you for the hints I modified like you described. I also moved the permission part out of the loop (once at the end of the script is enough). Now with the "set -x" the script is working also in cron. Best regards Daniel -----Original Message----- From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Tony Mountifield Sent: Wednesday, February 1, 2017 11:04 AM To:

I don't have a source, I'd have to dig through my browser history, but I looked at some of these stats just last month. Roughly 2% of the top 1000 domains in the United States had deployed DNSSEC - which I *think* is double what it was a year ago. Roughly 7% of ISP recursive DNS servers enforce DNSSEC. Comcast does and Google's public DNS does. Those are the big ones that enforce

https://bugzilla.mindrot.org/show_bug.cgi?id=2022 --- Comment #2 from Darren Tucker <dtucker at zip.com.au> --- Patch applied, thanks. I still don't understand how it gets into this state since the space should be allocated immediately beforehand: if (rrset->rri_nsigs > 0) { rrset->rri_sigs = calloc(rrset->rri_nsigs,

On 2/12/19 7:26 PM, Paul R. Ganci wrote: > Last weekend I had my DNSSEC keys expire. I discovered that they had > expired the hard way... namely randomly websites could not be found and > email did not get delivered. It seems that the keys were only valid for > what I estimate was about 30 days. It is a real PITA to have update the > keys, restart named and then update Godaddy

On 2/12/19 11:49 PM, Paul R. Ganci wrote: > > On 2/12/19 10:55 PM, Alice Wonder wrote: >> DNSSEC keys do not expire. Signatures do expire. How long a signature >> is good for depends upon the software generating the signature, some >> lets you specify. ldns I believe defaults to 60 days but I am not sure. >> >> The keys are in DNSSKEY records that are signed

I have been running openSSH 7.4p1 for a while now. When I upgraded to 7.5 a year or so ago I ran into the problem listed in this bug report: Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472 The release notes for 7.6 release notes indicate that the fix patch was included: https://www.openssh.com/txt/release-7.6 I tried 7.6 and I still cannot connect without a prompt wondering

Hello List, does anyone have also problems with Samba, OpenLDAP and RaiserFS? We have a LDAP on three servers and only the one who runs under RaiserFS crashed every week. Whats your opinion? matze

We run 2 samba servers; 1 running samba 1.9.18p10 (w/ Solaris 2.5) and the other running samba 2.0.6 (w/ Solaris 2.6). One of our users is running Delorme StreetAtlas 6.0. While he has no problems writing to his home directory using samba 1, he gets the following error writing to the same home directory using samba 2: A sharing violation occurred while accessing H:\test.SA6 I have verified

Hello, Working with Windows 7 in a HP laptop with R-2.10.1 I download and installed ImageMagick-6.3.7.7-Q16-Windows-dll.exe and GTK 2.12.9-win32-2, then downloaded and installed from local file EBImage_3.2.0.zip and I got: > library(EBImage) Loading required package: abind Error in inDL(x, as.logical(local), as.logical(now), ...) : unable to load shared library

https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Bug ID: 2702 Summary: ssh compiled with --with-ldns segfaults during known_hosts parsing Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh

Hi, I''m having some problems with redcloth(3.0.4 gem) and textilize. I have a string: "h2. hello _what''s up?_" which is being textilized as: <h2>hello<br /> <em>what&#8217;s up?</em></h2> so no paragraph and h2 wrapped all the way. the input is coming from firefox 1.5.2 on a mac Anybody got any idea what the problem might be? --

https://bugzilla.mindrot.org/show_bug.cgi?id=2603 Bug ID: 2603 Summary: Build with ldns and without kerberos support fails if ldns compiled with kerberos support Product: Portable OpenSSH Version: 7.3p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

> I replaced the ldns code with getdns. Works fine for more than a year now. > I am interested in how you did that. Would you mind sharing your procedure? > I don't think anybody cares. I tried to tell people. But that had no > effect. > There certainly is not as much talk about it as I would expect there to be.