inconsistency dnssec debuguers response and writing conseil for new areas zone
fakessh @
fakessh at fakessh.eu
Tue Mar 1 20:52:34 UTC 2011
as I now know what key DS uses.
I logged into my account and I moved isc dlv record SHA1 DS,
and I thought to receive a new record or something like that.
well no reply from the ISC is :
A corresponding DNSKEY already exists for this record.
All comments are welcome to help me find a solution
nb : I publish on my blog a little article on dnssec
http://fakessh.eu/2011/02/16/faire-marcher-dnssec-sur-son-serveur/
Le mardi 01 mars 2011 à 21:00 +0100, Torinthiel a écrit :
> On 03/01/11 20:17, fakessh @ wrote:
>
> > is the repeat isc dlv seems to accept the flag DS
> > in my case i have to a file dsset-fakessh.eu
> > but the file contains two keys DS and i don't know which to use
>
> The DS you have are both for the same key, only one is SHA1 and other
> SHA256. You could try any of them, but see below.
>
> ISC DLV accepts keys, you have to create an account, add your zone and
> keys for it. I remember having some trouble trying to add DS records,
> but DNSKEY worked fine. Of course the zone has to be signed using that
> key, and ISC asks you to add a TXT record at dlv.your.zone (or something
> similar) to prove your ability to modify the zone.
> The procedure is simple and well defined.
>
> And about OVH - I don't know if it's related, but I've asked Polish OVH
> how about providing DNSSEC, as .pl is planned to be signed mid-year, and
> they've answered me they will probably be ready. This might, or might
> not be related to providing DNSSEC by other OVH branches and for other
> registries.
>
> Torinthiel
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110301/8ad7c114/attachment.bin>
More information about the bind-users
mailing list