Disable DNSSEC
Eric Davis
eric at mail.rockefeller.edu
Tue Jan 7 16:34:27 UTC 2014
Duh...silly mistake...I did a DIG on the NS record..Once the DS record is removed DNS queries should work fine right? Thanks Bill.
-----Original Message-----
From: Bill Owens [mailto:owens at nysernet.org]
Sent: Tuesday, January 07, 2014 11:28 AM
To: Eric Davis
Cc: bind-users at lists.isc.org
Subject: Re: Disable DNSSEC
On Tue, Jan 07, 2014 at 04:24:31PM +0000, Eric Davis wrote:
> So I guess my DS record has the same TTL as my default TTL for my records? My default is 8 hours, so if I wait 8 hours after I remove the DS from my parent zone then I should be ok? My parent zone is a TLD(.edu).
The DS record is in the parent zone (.edu) and it has a one-day TTL:
;; AUTHORITY SECTION:
rockefeller.edu. 172800 IN NS r2d2.rockefeller.edu.
rockefeller.edu. 172800 IN NS rockyd.rockefeller.edu.
rockefeller.edu. 86400 IN DS 40486 5 1 954F779D591F011288CAD43D64D96EA543E0D3E5
rockefeller.edu. 86400 IN RRSIG DS 8 2 86400 20140113054536 20140106043536 20750 edu. 0XmRgd7FPG56t7etP2dK0W9gvVVm5oJlaCXufHlWnLsPWwNcAGIEQBCp RxBicOFdPgmxvm1VV+IXq7W2qEKiFOchCgfqm9ugqQ7/DOR0DJW1edgI ZqUVLfMgp/VT1+6EXU+wGiR7D2rZs1xvyu82cMQCkBseiKVAJv2F35LK MSE=
Bill.
More information about the bind-users
mailing list