similar to: Samba and DNSSEC

https://bugzilla.mindrot.org/show_bug.cgi?id=2119 Bug ID: 2119 Summary: SSHFP with DNSSEC ? no trust anchors given, validation always fails Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

Hello, NSD 4.7.0 running on FreeBSD 13.X and serving DNSSEC signed zone (say mydomain.org) to the world. I've been approached by a customer with the request to include certain records into mydomain.org zone which will be resolvable only from their premises. I'm thinking to setup a pair of unbound instances, ask the customer to configure conditional forwarding for mydomain.org to those

Greetings, Unbound 1.4.20 OS X 10.8.4 - Server NSD 3.2.15 I have installed 'unbound' and it works nicely on my client (test purpose) - Client is MacBook Air. I have installed NSD (will be in replacement of BIND) on said client. All is good but when i try to start NSD Error --> nsd can't bind udp socket: address already in use. Everything is configured to bind to 127.0.0.1. #

Dear OpenSSH Developers, I'm a member of the Debian System Administration (DSA) team. [1] We manage the Debian Projects computing infrastructure. Recently, DSA had the opportunity to address a member's request that we begin using certificates to authenticate Debian Project machines to ssh clients. We provided a lengthy reply, the summary of which is "we publish SSHFP records; use

Default install with local_unbound and ntpd can't be functional with incorrect date/time in BIOS: Unbound requred correct time for DNSSEC check and refuseing queries ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") ntpd don't have any numeric IP of ntp servers in ntp.conf -- only symbolic names like

Default install with local_unbound and ntpd can't be functional with incorrect date/time in BIOS: Unbound requred correct time for DNSSEC check and refuseing queries ("Jul 1 20:17:29 yellowrat unbound: [3444:0] info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN") ntpd don't have any numeric IP of ntp servers in ntp.conf -- only symbolic names like

Last weekend I had my DNSSEC keys expire. I discovered that they had expired the hard way... namely randomly websites could not be found and email did not get delivered. It seems that the keys were only valid for what I estimate was about 30 days. It is a real PITA to have update the keys, restart named and then update Godaddy with new digests. The first part of the problem is fairly

I don't have a source, I'd have to dig through my browser history, but I looked at some of these stats just last month. Roughly 2% of the top 1000 domains in the United States had deployed DNSSEC - which I *think* is double what it was a year ago. Roughly 7% of ISP recursive DNS servers enforce DNSSEC. Comcast does and Google's public DNS does. Those are the big ones that enforce

On 12/24/2015 03:50 PM, Alice Wonder wrote: > > > On 12/24/2015 12:40 PM, Robert Moskowitz wrote: >> I am reading: >> >> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html >> >> >> I have bind installed and default config running. I have not applied my >> customizations yet. The first step I am taking is getting

On 2/12/19 10:55 PM, Alice Wonder wrote: > DNSSEC keys do not expire. Signatures do expire. How long a signature > is good for depends upon the software generating the signature, some > lets you specify. ldns I believe defaults to 60 days but I am not sure. > > The keys are in DNSSKEY records that are signed by your Key Signing > Key and must be resigning before the signature

OR just make the file immutable if it's so critical to you. -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "Jon LaBadie" <jcu at labadie.us> > To: "CentOS mailing list" <centos at centos.org> > Sent: Wednesday, 12 April, 2017 07:16:22 > Subject: Re: [CentOS] Network Manager / CentOS 7 /

https://bugzilla.mindrot.org/show_bug.cgi?id=1672 Summary: add local DNSSEC validation Product: Portable OpenSSH Version: 5.3p1 Platform: Other OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: robert.story

Hello list - http://unix.stackexchange.com/questions/90035/how-to-set-dns-resolver-in-fedora-using-network-manager That says it works for CentOS 5 and I *suspect* the methods there (3 listed) would work, but what is the best way with NetworkManager to set it up to use the localhost for DNS ? I'm paranoid about DNS spoofing and really prefer to have a local instance of DNSSEC enforcing

On 01/13/2017 05:50 AM, Albert McCann wrote: >> -----Original Message----- >> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of TE Dukes >> Sent: Friday, January 13, 2017 7:50 AM >> To: 'CentOS mailing list' <centos at centos.org> >> Subject: [CentOS] Unable to edit resolv.conf >> >> I changed ISPs and need to update name

Hi, ??? Anyone else had any issues with CentOS 6.10 bind DNS server issues this afternoon. At 16:26 (GMT) had alerts for DNS failures against our CentOS 6.10 bind DNS servers from our monitoring system. Sure enough DNS requests via the server was failing, checking the named.log showed dnssec issues; 25-Mar-2020 16:26:10.285 dnssec: info: validating @0xb48b17c0: push.services.mozilla.com

Hi, I found a small issue with DNSSEC validation of SSHFP lookups. (For reference I used OpenSSH 6.8p1 on FreeBSD 10.1). The issues is that when DNSSEC valiation fails, ssh displays a confusing message to the user. When DNSSEC validation of a SSHFP record fails, ssh presents the user with "Matching host key fingerprint found in DNS. "Are you sure you want to continue connecting

Hi everybody, in a university project I started building DNSSEC features into the current release of openSSH. The openSSH client I modified now authenticates a server through DNSSEC. I wanted to ask if there are already plans in the openSSH community to integrate DNSSEC features. I really enjoyed working with openSSH and would like to continue my work and contribute it. I am about to set up a

Attached is a patch that adds local DNSSEC validation to OpenSSH. See the readme for more detail. Please direct any questions or comments to users at dnssec-tools.org. Thanks.. -- Robert Story Senior Software Engineer SPARTA (dba Cobham Analytic Soloutions) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

Well, folks, There's an article on slashdot, <http://tech.slashdot.org/article.pl?sid=10/04/30/1258234> Excerpt: ...the coming milestone of May 5, at 17:00 UTC ? at this time DNSSEC will be rolled out across all 13 root servers. Some Internet users, especially those inside corporations and behind smaller ISPs, may experience intermittent problems. The reason is that some older

I am reading: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html I have bind installed and default config running. I have not applied my customizations yet. The first step I am taking is getting rndc.key created. So reading the guide I am trying to run (while logged in as root, and in /etc): dnssec-keygen -a hmac-md5 -b 256 -n HOST rndc.key The system is just