DNSSEC: give KSK from my domain to parent zones
Mark Andrews
marka at isc.org
Wed Oct 3 19:35:45 UTC 2018
You give the matching DS record via your registrar much the same way as you do the NS RRset or glue address records. If your registrar doesn’t support DNSSEC you will need to change registrars.
If your parent zone uses CDS or CDNSKEY then publish those records at the zone apex.
If your parent zone is not signed then start complaining.
--
Mark Andrews
> On 4 Oct 2018, at 05:24, Roberto Carna <robertocarna36 at gmail.com> wrote:
>
> Dear people, I have DNSSEC implemented in my authoritative domain in BIND 9.10. I've created the KSK and ZSK too.
>
> Let's say my domain is "robert.com.uk".
>
> How do I have to give the KSK (key signing key) to my parent zones, let's say COM and UK ???
>
> And what if COM or UK don't use DNSSEC at all ???
>
> Thanking in advance,
>
> Robert
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20181004/8bde486d/attachment.html>
More information about the bind-users
mailing list