Buffrr
Just an update: I had a call with EngFlow and their current offering is more suitable for larger teams. They seem to be flexible with their plans so this won't...
Thanks for reporting this. Beacon is still in beta. Automated updates are still on the todo list. Having said that, we still need to keep it up to date with...
> It should instead know (somehow) that the domain (e.xp) is not in the parent zone, switch to the child zone (e.xp), verify the zone change, fetch keys (46984), and...
I will close this for now and we can revisit later
the problem with checking the AD bit only by non validating resolvers is that it's not possible to determine whether the AD bit is missing because the domain is not...
> his causes a problem when running two instances of hsd (for failover) in conjunction with Buffrr's AXFR plug-in to feed the merged ROOT zone to one or more slaves....
> I would hope, in that situation the stale DS would fail to validate & all the data should be discarded If an attacker was in the middle it should...
> Even if we started resolving 24-hour-old data the worst case is that a key is trusted that was revoked less than one day ago. Yeah, even 24-hour is an...
> I think adding the new keys before adding the new DS is more reliable. Having an additional DS without a corresponding DNSKEY is okay and this was mentioned from...
Someone should write a plugin for hsd to automate rollovers perhaps by querying CDS/CDNSKEY records ;) Since we can easily update the root zone, parent/child communication should really be automated.