Only one DS key comes back in query

frank picabia fpicabia at gmail.com
Mon May 16 18:41:02 UTC 2022


I've been using open source for decades.  Long enough that I rarely need to
use lists for help.

Here's the RFC mentioning reserved domain name use:
https://www.rfc-editor.org/rfc/rfc2606.html

I am ridiculed by an ISC member for using a reserved domain according to
the purpose in the RFC and then
a second ISC member states I am arrogant?   I think there's a bunch of you
that need to check your privilege!
Or maybe these persons are the chief whips responsible for driving
people from the lists into paying customers?

Check other lists.  Postfix. Apache.  Whatever.  No one ever has an issue
when they see example.com
It's widely known as the boilerplate value you're leaving out of the
equation for the moment.

In the documentation I see this:

> Once the rndc reconfig
> <https://bind9.readthedocs.io/en/v9_18_2/manpages.html#cmdoption-rndc-arg-reconfig> command
> is issued, BIND serves a signed zone. The file dsset-example.com (created
> by dnssec-signzone
> <https://bind9.readthedocs.io/en/v9_18_2/manpages.html#std-iscman-dnssec-signzone> when
> it signed the example.com zone) contains the DS record for the zone’s
> KSK. You will need to pass that to the administrator of the parent zone, to
> be placed in the zone.


It seems the first value in dsset file is okay.  The documentation doesn't
talk about the second one, and this is where
the problem is seen.  I see one value on the second key (digest 2) in dsset
file, and a different value using the value
obtained by running something like:

dig @localhost dnskey irrashai.net | dnssec-dsfromkey -f - irrashai.net

The digest 2 second key here seems to be what should be used with the
domain registrar.  I'll soon find out.



On Mon, May 16, 2022 at 2:54 PM Ondřej Surý <ondrej at isc.org> wrote:

> Well, then don’t expect people will want to help you. If you need to hide
> the information and you need help then you should be prepared to pay for
> the support. Coming to open source list asking for help for free and expect
> other people to help you is just plain arrogant behavior. Again, Bert
> Hubert was exactly right here:
>
> https://berthub.eu/articles/posts/anonymous-help/
>
> Ondrej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not
> feel obligated to reply outside your normal working hours.
>
> On 16. 5. 2022, at 19:06, frank picabia <fpicabia at gmail.com> wrote:
>
> Suppose I was working on a problem for Barclays
> Bank, do you suppose they would be thrilled with me posting
> their networking innards for the world to see?
>
>
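
Added example, not part of the original message and not BIND's own code: the DS comparison discussed in the message above, done in Python by recomputing each digest as hash(owner name in wire form | DNSKEY RDATA) per RFC 4034 and classifying every DS record (for instance from a dsset- file) against the DNSKEYs the server publishes. The function names and the short placeholder key material are constructed for illustration.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def wire_name(name):
    """Owner name in canonical wire form: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: 16-bit flags, protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata, digest_type):
    """DS fields (key tag, algorithm, digest type, hex digest) for one DNSKEY."""
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest

def check_ds(owner, dnskeys, ds_records):
    """Classify each DS record against the DNSKEY RDATA the server publishes."""
    report = []
    for tag, alg, dtype, hexdigest in ds_records:
        given = hexdigest.replace(" ", "").upper()
        candidates = [rd for rd in dnskeys if key_tag(rd) == tag and rd[3] == alg]
        if not candidates:
            status = "no served DNSKEY has this key tag"
        elif dtype not in DIGESTS:
            status = "unsupported digest type"
        elif any(make_ds(owner, rd, dtype)[3] == given for rd in candidates):
            status = "match"
        else:
            status = "key tag matches but digest differs"
        report.append((tag, dtype, status))
    return report

if __name__ == "__main__":
    # Constructed sample: placeholder key bytes, not real keys or real DS values.
    ksk = dnskey_rdata(257, 3, 13, "AQIDBA==")
    zsk = dnskey_rdata(256, 3, 13, "BQYHCA==")
    dsset = [make_ds("example.com.", ksk, 2),   # DS for the published KSK
             (11111, 13, 2, "00" * 32),         # DS for a key that is not served
             make_ds("example.org.", ksk, 2)]   # digest taken over another owner name
    print(*check_ds("example.com.", [ksk, zsk], dsset), sep="\n")
```

Only a DS record reported as "match" corresponds to a key the server is actually publishing.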