Displaying 20 results from an estimated 8000 matches similar to: "DNSSEC deployment stats"
2016 Apr 27
0
DNSSEC / Security stats (forked from php thread)
I don't have a source, I'd have to dig through my browser history, but I
looked at some of these stats just last month.
Roughly 2% of the top 1000 domains in the United States had deployed
DNSSEC - which I *think* is double what it was a year ago.
Roughly 7% of ISP recursive DNS servers enforce DNSSEC.
Comcast does and Google's public DNS does. Those are the big ones that
enforce
2017 Feb 20
3
Problem with Let's Encrypt Certificate
On 02/19/2017 05:39 AM, KT Walrus wrote:
>> That's one of the reasons I don't like Let's Encrypt, with one year certs it is easier to look at the certs and see what is going to expire in the coming month needing a new private key.
>
> I use dehydrated (with Cloudflare DNS challenges) and as far as I know, it seems to generate a new private key every time.
Yeah that would
2016 Apr 27
2
Apache/PHP Installation - opinions
On Wed, Apr 27, 2016 at 1:04 AM, Alice Wonder <alice at domblogger.net> wrote:
> Not with a smtp that enforces DANE.
I'm aware of how DANE works.
The only problem is no MTA outside of Postfix implements it.
You can thank the hatred of DNSSEC for that.
Brandon Vincent
2017 Feb 19
4
Problem with Let's Encrypt Certificate
On 02/18/2017 10:24 PM, Robert L Mathews wrote:
> On 2/17/17 1:38 PM, chaouche yacine wrote:
>
>> Seems wrong to me too, Robert. If you put your private key inside
>> your certificate, won't it be sent to the client along with it ?
>
> No; any SSL software that uses the file will extract the parts it needs
> from it and convert them to its internal format for future
2018 Dec 07
0
Samba with BIND9 DLZ affecting internet speed
Hai,
As Andrew also said, set up a caching dns and forward the samba dns zones.
This works great, I use this on 2 internet connected servers.
What we (I) also want to know is your running OS and samba version.
That does help us, yes, really.. ;-)
A very simple setup for a forwarding dns.
Install bind9 on the ftp server.
Set in the named.options.
dnssec-enable yes;
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 7:26 PM, Paul R. Ganci wrote:
> Last weekend I had my DNSSEC keys expire. I discovered that they had
> expired the hard way... namely randomly websites could not be found and
> email did not get delivered. It seems that the keys were only valid for
> what I estimate was about 30 days. It is a real PITA to have to update the
> keys, restart named and then update Godaddy
2015 Jun 22
2
Small issue with DNSSEC / SSHFP
Hi,
I found a small issue with DNSSEC validation of SSHFP lookups. (For reference
I used OpenSSH 6.8p1 on FreeBSD 10.1).
The issue is that when DNSSEC validation fails, ssh displays a confusing
message to the user. When DNSSEC validation of a SSHFP record fails, ssh
presents the user with
"Matching host key fingerprint found in DNS.
"Are you sure you want to continue connecting
2020 Mar 25
0
CentOS 6.10 bind DNSSEC issues
At Wed, 25 Mar 2020 17:03:23 +0000 CentOS mailing list <centos at centos.org> wrote:
>
> Hi,
>
> Anyone else had any issues with CentOS 6.10 bind DNS server issues
Yes. The installed ISC DLV key installed with
bind-9.8.2-0.68.rc1.el6_10.3.x86_64 seems to have expired and there does not
appear to be a new bind-9.8.2 RPM with a new key. I guess you can
2019 Feb 13
0
DNSSEC Questions
On 2/12/19 11:49 PM, Paul R. Ganci wrote:
>
> On 2/12/19 10:55 PM, Alice Wonder wrote:
>> DNSSEC keys do not expire. Signatures do expire. How long a signature
>> is good for depends upon the software generating the signature, some
>> lets you specify. ldns I believe defaults to 60 days but I am not sure.
>>
>> The keys are in DNSKEY records that are signed
2011 Jul 20
1
auto-accept keys matching DNSSEC-validated SSHFP records
Hi,
I submitted a patch back in November of 2009 to add local validation of
DNSSEC record to openssh. I recently updated the patch for 5.8, and
figured I'd do a little marketing while I'm at it. :-)
Someone had previously submitted a patch which simply trusted the AD
bit in the response, which is susceptible to spoofing by anyone who can
inject packets between the resolver and the client. Our
2000 Aug 13
2
combining openSSH and DNSSEC
Hi everybody,
in a university project I started building DNSSEC features into the
current release of openSSH.
The openSSH client I modified now authenticates a server through DNSSEC.
I wanted to ask if there are already plans in the openSSH community to
integrate DNSSEC features.
I really enjoyed working with openSSH and would like to continue my work
and contribute it.
I am about to set up a
2019 Jul 10
2
Samba and DNSSEC
Hi community,
we have two DCs that work under the domain babis.local
We are using unbound on our firewall for the interfaces as default DNS-Server.
Unbound is activated and has an overwrite from our AD-Domain babis.local to the DCs.
When DNSSEC is disabled on unbound, DNS-Queries to dc works perfect.
When DNSSEC is activated on unbound, DNS-Queries will be sent to root DNS-Servers and I got
2015 Dec 24
2
Centos7 problems with dnssec-keygen
On 12/24/2015 03:50 PM, Alice Wonder wrote:
>
>
> On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
>> I am reading:
>>
>> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>>
>>
>> I have bind installed and default config running. I have not applied my
>> customizations yet. The first step I am taking is getting
2020 Mar 25
2
CentOS 6.10 bind DNSSEC issues
Hi,
Anyone else had any issues with CentOS 6.10 bind DNS server issues
this afternoon.
At 16:26 (GMT) had alerts for DNS failures against our CentOS 6.10 bind
DNS servers
from our monitoring system.
Sure enough DNS requests via the server were failing, checking the
named.log showed
dnssec issues;
25-Mar-2020 16:26:10.285 dnssec: info: validating @0xb48b17c0:
push.services.mozilla.com
2019 Feb 13
2
DNSSEC Questions
Last weekend I had my DNSSEC keys expire. I discovered that they had
expired the hard way... namely randomly websites could not be found and
email did not get delivered. It seems that the keys were only valid for
what I estimate was about 30 days. It is a real PITA to have to update the
keys, restart named and then update Godaddy with new digests.
The first part of the problem is fairly
2018 Dec 07
2
Samba with BIND9 DLZ affecting internet speed
Hi there.
Setup is Centos 7.4 with Samba 4.7.4. I
In our second office I've got configured Centos 7.5 with latest samba ad +
dlz, which I've set just as Andrew suggested, using separate bind9 that
forwards queries to the samba AD(dlz) for the given dns zone. Unfortunately
the office isn't operational yet, so I can't share any experience.
Best
On Fri, Dec 7, 2018 at 10:11 AM
2009 Nov 18
2
local DNSSEC validation for 5.3p1
Attached is a patch that adds local DNSSEC validation to OpenSSH. See
the readme for more detail. Please direct any questions or comments to
users at dnssec-tools.org. Thanks..
--
Robert Story
Senior Software Engineer
SPARTA (dba Cobham Analytic Solutions)
2019 Feb 13
3
DNSSEC Questions
On 2/12/19 10:55 PM, Alice Wonder wrote:
> DNSSEC keys do not expire. Signatures do expire. How long a signature
> is good for depends upon the software generating the signature, some
> lets you specify. ldns I believe defaults to 60 days but I am not sure.
>
> The keys are in DNSKEY records that are signed by your Key Signing
> Key and must be re-signed before the signature
2015 Dec 24
0
Centos7 problems with dnssec-keygen
On 12/24/2015 12:40 PM, Robert Moskowitz wrote:
> I am reading:
>
> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
>
> I have bind installed and default config running. I have not applied my
> customizations yet. The first step I am taking is getting rndc.key
> created. So reading the guide I am trying to run (while logged in as
> root, and
2015 Dec 24
0
Centos7 problems with dnssec-keygen
On 12/24/2015 12:54 PM, Robert Moskowitz wrote:
>
> Right now all I want working is rndc. dnssec will be worked on come
> spring.
>
> With all I do in security, it bothers me that the Centos documentation
> specifies MD5. Should be at least SHA1, if not SHA256.
>
>
Oh okay I apologize, I mis-read your post as asking about generating
DNSSEC keys, due to the command name