how to proper include DS record on key dnssec
Paul Wouters
paul at xelerance.com
Thu Jan 13 17:36:32 UTC 2011
On Thu, 13 Jan 2011, fakessh @ wrote:
> I correctly configure my server centos dnssec on with as a
> representative of encryptions dlv isc. my question is relevant and was
> already asked but I have not found the complete answer on google. my
> question is how to include the DS record in the Keys. my keys are in a
> separate folder. the DS record is already generated in
The DS record goes into the parent zone, not the zone itself.
> I also wonder the utility of this good record given that my signatures
> are marked as good on dlv
Use any public DNS server with dlv configured. eg nssec.xelerance.net:
dig +dnssec -t ds yourzone @nssec.xelerance.net
> what file in the include directive must be accomplished and realize how
> well inclusion of the DS record (what should be the proper syntax on how
> to declare dlv isc) how to re-sign after the keys
You give your DS via http://dlv.isc.org/
Paul
More information about the bind-users
mailing list