DNSSEC DSSET & KEYSET

Joseph S D Yao jsdy at tux.org
Thu Jan 28 17:21:58 UTC 2010


On Thu, Jan 28, 2010 at 03:42:11PM +0000, Evan Hunt wrote:
> 
> > Is there a tool/process to verify if the parent domain has DSSET,
> > KEYSET, or keys in place for the child domain?  Thanks.
> 
> "dig ds <yourdomain>", and check that a) DS records are returned, and
> b) the first field of at least some of the DS records matches the key ID of
> the key-signing key for your zone.  For example, isc.org is using key 12892:


Apologies if I'm missing something, but wouldn't this read the DS
records off the domain's own name servers, rather than the parent's?
Shouldn't there be an additional @parent.name.server argument?

Thanks.


--
/*********************************************************************\
**
** Joe Yao				jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
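
Added example, not part of the original message or of BIND: the check quoted above (first field of the DS records against the key ID of the key-signing key) done mechanically over saved dig answer text, with the key tag computed per RFC 4034 Appendix B. The zone example.test, both keys and the DS digests are constructed sample data, the function names are hypothetical, and only key tag and algorithm are compared, not the digest.

```python
import base64

def key_tag(flags, protocol, algorithm, pubkey_b64):
    # RFC 4034 Appendix B checksum over the DNSKEY RDATA (not valid for algorithm 1).
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm])
    rdata += base64.b64decode(pubkey_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def records(dig_text, rrtype):
    # Yield the RDATA fields of every <rrtype> line in dig answer text.
    for line in dig_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";") or rrtype not in fields:
            continue
        yield fields[fields.index(rrtype) + 1:]

def check_delegation(ds_text, dnskey_text):
    # Key-signing keys are the DNSKEYs with the SEP bit (0x0001) set, e.g. flags 257.
    ksks = set()
    for flags, proto, alg, *key in records(dnskey_text, "DNSKEY"):
        if int(flags) & 1:
            ksks.add((key_tag(int(flags), int(proto), int(alg), "".join(key)), int(alg)))
    # DS RDATA is: key tag, algorithm, digest type, digest.
    ds = {(int(tag), int(alg)) for tag, alg, *_ in records(ds_text, "DS")}
    return {
        "matched": sorted(ds & ksks),          # DS records that point at a current KSK
        "ds_without_key": sorted(ds - ksks),   # stale or wrong DS records
        "ksk_without_ds": sorted(ksks - ds),   # KSKs with no DS pointing at them
    }

# Constructed sample answers (not real keys or digests).
DNSKEY_ANSWER = """
; DNSKEY answer for the zone itself
example.test. 3600 IN DNSKEY 257 3 8 AQIDBAUGBwg=
example.test. 3600 IN DNSKEY 256 3 8 CAcGBQQDAgE=
"""
DS_ANSWER = """
; DS answer (the RRset published in the parent zone)
example.test. 86400 IN DS 5149 8 2 0000000000000000000000000000000000000000000000000000000000000000
example.test. 86400 IN DS 40000 8 2 1111111111111111111111111111111111111111111111111111111111111111
"""

if __name__ == "__main__":
    for name, tags in check_delegation(DS_ANSWER, DNSKEY_ANSWER).items():
        print(name, tags)
```

A non-empty "matched" list corresponds to condition b) in the quoted reply; entries under "ds_without_key" are DS records whose key tag no longer corresponds to any key-signing key in the zone.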


