DNSSEC not populating parent zone files with DS records
Tony Finch
dot at dotat.at
Tue Oct 4 19:30:43 UTC 2011
Raymond Drew Walker <Ray.Walker at nau.edu> wrote:
> In testing, this pipe sets up the following for nsupdate which fails:
Sorry, I forgot the TTL command. Adjust its value as you require...
  dig +noall +answer dnskey $child |
  dnssec-dsfromkey -f /dev/stdin $child |
  (echo "zone $parent"; echo "ttl 3600"; sed 's/^/update add /'; echo "send") |
  nsupdate -l
> Am I also missing somewhere in the RFC where NS records of children zones
> need be populated in the parent? Is this something that has changed with
> the addition of DNSSEC?
No, it has always been an error. See RFC 2181 section 6. DNSSEC just makes
the breakage more obvious.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Fisher: Southwesterly 5 to 7, occasionally gale 8. Rough or very rough.
Showers then rain. Moderate or good.
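
Added example, not part of the original message or of BIND: a shell function that builds the same nsupdate batch as the pipeline above but first checks that every input line is a DS record owned by the child and that the child sits below the parent. The function name build_ds_update, the sample names, and the "update delete" step (which replaces the old DS RRset rather than adding to it) are assumptions that go beyond the posted pipeline.

```shell
#!/bin/sh
# Added example: build_ds_update is a hypothetical helper, not part of BIND.
# stdin: DS records as printed by dnssec-dsfromkey; stdout: an nsupdate batch
# that replaces the child's DS RRset in the parent zone.
# Usage (assumed): dig +noall +answer dnskey "$child" |
#   dnssec-dsfromkey -f /dev/stdin "$child" |
#   build_ds_update "$parent" "$child" 3600 | nsupdate -l
build_ds_update() {
    parent=$(printf '%s' "${1%.}." | tr 'A-Z' 'a-z')
    child=$(printf '%s' "${2%.}." | tr 'A-Z' 'a-z')
    ttl=${3:-3600}
    # DS records live in the parent, so the child must be strictly below it.
    case "$child" in
        *".$parent") ;;
        *) echo "$child is not below $parent" >&2; return 1 ;;
    esac
    awk -v parent="$parent" -v child="$child" -v ttl="$ttl" '
        NF == 0 { next }
        {
            i = 2
            if ($i ~ /^[0-9]+$/) i++        # optional TTL column
            if (toupper($i) == "IN") i++    # optional class column
            # Refuse anything that is not a DS record owned by the child.
            if (tolower($1) != child || toupper($i) != "DS") { bad = 1; exit }
            tag = $(i + 1); alg = $(i + 2); dt = $(i + 3); digest = ""
            # Some versions print long digests in space-separated chunks.
            for (j = i + 4; j <= NF; j++) digest = digest $j
            if (tag !~ /^[0-9]+$/ || alg !~ /^[0-9]+$/ || dt !~ /^[0-9]+$/ ||
                digest !~ /^[0-9A-Fa-f]+$/) { bad = 1; exit }
            rr[++n] = "update add " child " " ttl " IN DS " \
                      tag " " alg " " dt " " toupper(digest)
        }
        END {
            # Emit nothing on bad or empty input, so nsupdate sends nothing.
            if (bad || n == 0) exit 1
            print "zone " parent
            print "update delete " child " DS"
            for (k = 1; k <= n; k++) print rr[k]
            print "send"
        }'
}
```

Because the batch is printed only after all input has been validated, a failed dig or a truncated answer produces an empty batch and a non-zero exit status.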