DNSSEC submit of DLV vs DNSKEY records?
dchilton+bind at bestmail.us
dchilton+bind at bestmail.us
Thu May 5 20:47:53 UTC 2011
"missed it by THAT much ...". thx! relocating to bind-users.
On Thu, 05 May 2011 14:37 -0500, "/dev/rob0" <rob0 at gmx.co.uk> wrote:
> FWIW I think you hit the wrong list. Did you mean bind-users at isc?
> On Thu, May 05, 2011 at 12:25:27PM -0700, dchilton+bind at bestmail.us
> wrote:
> > after signing my zones with 'dnssec-signzone', i 've got both
> >
> > dsset-domain.com
> > dlvset-domain.com
> >
> > containing DS- and DLV-records, respectively.
> >
> > i know i *can* submit the records to my registrar (DS records)
> > and dlv.isc.org (DLV records), but should I do both?
> >
> > i'm not clear if these are redundant mechs for getting to a
> > 'valid' DNSSEC state, or complementary.
> >
> > can anyone clarify -- both or just one? and if just one, which
> > one?
>
> [I hope someone will correct me if I'm wrong.]
>
> My understanding: if the parent is signed, that is the only way a
> child zone can be validated, unless of course using trusted-keys.
> DLV is only done when the parent is unsigned.
>
> Off to the registrar you go!
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
More information about the bind-users
mailing list