A few conceptual question about dnssec.
Gaurav kansal
gaurav.kansal at nic.in
Fri Feb 17 19:22:08 UTC 2012
-----Original Message-----
From: bind-users-bounces+gaurav.kansal=nic.in at lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic.in at lists.isc.org] On Behalf Of Miek Gieben
Sent: Saturday, February 18, 2012 12:42 AM
To: bind-users at lists.isc.org
Subject: Re: A few conceptual question about dnssec.
[ Quoting <gaurav.kansal at nic.in> at 00:36 on Feb 18 in "RE: A few conceptual..." ]
> Firstly, where do we get the public key for the DS records?
>
> Can you clarify your question???
>
>
> Second, why do I get multiple DS records as response?
>
> You will always get 2 DS Records in response. One for SHA-1 and
> second for SHA-256.
That completely depends on what is configured in the zone.
But I think it is recommended that you should always put 2 DS Records in your zone file corresponding to each child zone.
One for SHA1 and second for SHA256.
That’s why we always get 2 DS Records from ROOT Server pointing to TLDs.
Perhaps this will help:
<http://nlnetlabs.nl/publications/dnssec_howto/>
grtz Miek
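
Added example, not part of the original thread: a DS record carries no public key of its own; it is a digest over the child zone's owner name and DNSKEY RDATA (RFC 4034), so one DNSKEY yields one DS per digest type, here SHA-1 (type 1) and SHA-256 (type 2). The zone name and key bytes below are constructed placeholders, not a real key.

```python
import hashlib
import struct

# DS digest type numbers: 1 = SHA-1, 2 = SHA-256
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def name_to_wire(name):
    """Canonical wire form of an owner name: lowercased, length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:  # the root zone "." has no labels
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (16 bit) | protocol (8) | algorithm (8) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, as in RFC 4034 Appendix B."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, flags, protocol, algorithm, public_key):
    """Return one (key_tag, algorithm, digest_type, hex_digest) tuple per digest type."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    tag = key_tag(rdata)
    covered = name_to_wire(owner) + rdata  # digest input: owner name | DNSKEY RDATA
    return [(tag, algorithm, dtype, DIGESTS[dtype](covered).hexdigest().upper())
            for dtype in sorted(DIGESTS)]

# Constructed sample: KSK flags (257), protocol 3, algorithm 8 (RSASHA256),
# and 32 placeholder bytes standing in for the public key material.
SAMPLE = dict(owner="example.", flags=257, protocol=3, algorithm=8,
              public_key=bytes(range(32)))

if __name__ == "__main__":
    for tag, alg, dtype, digest in make_ds(**SAMPLE):
        print(f"{SAMPLE['owner']} IN DS {tag} {alg} {dtype} {digest}")
```

Both DS records share the same key tag and algorithm and differ only in digest type and digest, which is how a validator matches either one to the same DNSKEY in the child zone.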