how to proper include DS record on key dnssec

fakessh @ fakessh at fakessh.eu
Thu Jan 13 02:21:13 UTC 2011 

hello bind network 
hello dnssec network admin. 


I correctly configure my server centos dnssec on with as a
representative of encryptions dlv isc. my question is relevant and was
already asked but I have not found the complete answer on google. my
question is how to include the DS record in the Keys. my keys are in a
separate folder. the DS record is already generated in

I also wonder the utility of this good record given that my signatures
are marked as good on dlv

I read that a single include file in the keys was the right approach but
I would like to have more precision on the proper conduct of this
operation

what file in the include directive must be accomplished and realize how
well inclusion of the DS record (what should be the proper syntax on how
to declare dlv isc) how to re-sign after the keys

this is it the response on google for implement DS record with dnssec
http://newsgroups.derkeiler.com/Archive/Comp/comp.protocols.dns.bind/2010-08/msg00054.html


thanks for many returns who are welcome

this is a relevant on my config of keys
~]# cat  /var/named/dsset-fakessh.eu. 
fakessh.eu.             IN DS 47103 3 1
CFEA04C5B91**************7F2DF5225E357
fakessh.eu.             IN DS 47103 3 2
68096942650C1DD89D5**************************09F4F1CD348 4D8ED07B


~]# ls -al /var/named/keys
total 8
drwxrwxr-x 2 root named 4096 jan  1 15:41 .
drwxrwx--- 7 root named 4096 jan  1 15:34 ..
lrwxrwxrwx 1 root named   28 jan  1 15:41 dsset-fakessh.eu.
-> /var/named/dsset-fakessh.eu.
lrwxrwxrwx 1 root named   34 jan  1 15:41 dsset-nicolaspichot.fr.
-> /var/named/dsset-nicolaspichot.fr.
lrwxrwxrwx 1 root named   33 jan  1 15:41 dsset-renelacroute.fr.
-> /var/named/dsset-renelacroute.fr.
lrwxrwxrwx 1 root named   29 jan  1 15:41 keyset-fakessh.eu.
-> /var/named/keyset-fakessh.eu.
lrwxrwxrwx 1 root named   35 jan  1 15:41 keyset-nicolaspichot.fr.
-> /var/named/keyset-nicolaspichot.fr.
lrwxrwxrwx 1 root named   34 jan  1 15:41 keyset-renelacroute.fr.
-> /var/named/keyset-renelacroute.fr.
lrwxrwxrwx 1 root named   37 jan  1 15:41 Kfakessh.eu.+003+47103.key
-> /var/named/Kfakessh.eu.+003+47103.key
lrwxrwxrwx 1 root named   41 jan  1 15:41 Kfakessh.eu.+003+47103.private
-> /var/named/Kfakessh.eu.+003+47103.private
lrwxrwxrwx 1 root named   37 jan  1 15:41 Kfakessh.eu.+003+59773.key
-> /var/named/Kfakessh.eu.+003+59773.key
lrwxrwxrwx 1 root named   41 jan  1 15:41 Kfakessh.eu.+003+59773.private
-> /var/named/Kfakessh.eu.+003+59773.private
lrwxrwxrwx 1 root named   43 jan  1 15:41 Knicolaspichot.fr.+003
+02473.key -> /var/named/Knicolaspichot.fr.+003+02473.key
lrwxrwxrwx 1 root named   47 jan  1 15:41 Knicolaspichot.fr.+003
+02473.private -> /var/named/Knicolaspichot.fr.+003+02473.private
lrwxrwxrwx 1 root named   43 jan  1 15:41 Knicolaspichot.fr.+003
+07246.key -> /var/named/Knicolaspichot.fr.+003+07246.key
lrwxrwxrwx 1 root named   47 jan  1 15:41 Knicolaspichot.fr.+003
+07246.private -> /var/named/Knicolaspichot.fr.+003+07246.private
lrwxrwxrwx 1 root named   42 jan  1 15:41 Krenelacroute.fr.+003
+01827.key -> /var/named/Krenelacroute.fr.+003+01827.key
lrwxrwxrwx 1 root named   46 jan  1 15:41 Krenelacroute.fr.+003
+01827.private -> /var/named/Krenelacroute.fr.+003+01827.private
lrwxrwxrwx 1 root named   42 jan  1 15:41 Krenelacroute.fr.+003
+57237.key -> /var/named/Krenelacroute.fr.+003+57237.key
lrwxrwxrwx 1 root named   46 jan  1 15:41 Krenelacroute.fr.+003
+57237.private -> /var/named/Krenelacroute.fr.+003+57237.private

-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110113/320e9d76/attachment.bin>

More information about the bind-users mailing list