DNSSEC query

bind-list at ayahuasca.net
Fri Feb 11 02:33:13 UTC 2000


Hi, I have 3 questions about DNSSEC setup.


--I have worked through Cricket Liu's PowerPoint presentation in setting
up my company's zones in Europe (in the domains .ie, .ru, .bg, etc.)

If any of those top-level NICs don't yet sign KEY records, can I sign them
myself and incorporate that into my signed zone? If I can, is this any
security at all? Or still better than nothing?



--Secondly, when I create my signed zone file with dnssigner, I don't get
the SIG line as shown in the PP Presentation, i.e.:

SIG  SOA 3 86400 1990320224141 19990217224141 49292 domain.co.uk. (
       ya-de-yah-de-yah )

but instead get:

$SIGNER DEL domain.co.uk. 3 49292

and the same line again under the public key. Is this right?
Or am I missing something? I have included the full file
below.
 


--Finally, what does the 49292 signify or come from?



Thanks for any help,

Tony.






; Generated by dns_signer dated October 18, 1999
$ORIGIN domain.co.uk.
$SIGNER ADD domain.co.uk. 3 49292
domain.co.uk.     86400 IN    SOA   ns.domain.co.uk. hostmaster.domain.co.uk. (
                               1  ; serial
                               3H  ; refresh
                               1H  ; retry
                               1W  ; expiry
                               1D )  ; minimum
$SIGNER DEL domain.co.uk. 3 49292
domain.co.uk.     86400 IN    KEY   0x4101 3 3 (
                   AoN0HpLzbJdyyggk89WqXGyAm41r1lxBAMZn6DDGQ4Znmtgb
                   Fj3UOryJMuHYR89wQaf1pzdYvW5rM+y7dWuS1gBKlgmhEA+/
                   TeK88rQBMVAFfETRqxm8YIpcdzpD96oBe3EYbF1vaRkGDOZS
                   8HVAldbj+XINBfYM8adadoX3KSEoP3oAq9/U6GXXrdnstJHh
                   uERYoha0stgmAUuVaA6J1Joeqx4e0EGAPsr8Lp8u7qYxTB/y
                   TTlXJoxYLIwwTwYh2O8M6ahjW0qfkhslHAHIss0rEDpH3bFn
                   ftgX65scAZgZQl8IpXoMULD67Yr1LsFqGm6zyvwlkA7+TD77
                   fM9abr3CeIGy )
$SIGNER ADD domain.co.uk. 3 49292
domain.co.uk.     86400 IN    NS    ns.domain.co.uk.
                86400 IN    NS    dns.anisp.net.
domain.co.uk.     86400 IN    MX    10 mail.domain.co.uk.
                86400 IN    MX    20 mail.domain.domain.com.
domain.co.uk.     86400 IN    NXT   ftp.domain.co.uk. NS SOA MX SIG KEY NXT
ftp             86400 IN    A     xxx.xx.xx.xxx
ftp             86400 IN    NXT   localhost.domain.co.uk. A SIG NXT
localhost       86400 IN    A     127.0.0.1
localhost       86400 IN    NXT   mail.domain.co.uk. A SIG NXT
mail            86400 IN    A     xxx.xx.xxx.xxx
mail            86400 IN    NXT   ns.domain.co.uk. A SIG NXT
ns              86400 IN    A     xxx.xx.xxx.xxx
ns              86400 IN    NXT   www.domain.co.uk. A SIG NXT
www             86400 IN    A     xxx.xx.xxx.xxx
www             86400 IN    NXT   domain.co.uk. A SIG NXT







=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
     "He who will not reason is a bigot; he who cannot is a fool; 
      and he who dares not is a slave."    - Sir William Drummond

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





