how to proper include DS record on key dnssec
fakessh @
fakessh at fakessh.eu
Fri Jan 14 02:11:14 UTC 2011
hello bind network and hello dnssec network admin.
thank you for answered,
I think I found a solution to my problem.
$INCLUDE directive is that I have to handle
example:
$INCLUDE /var/named/keys/dsset-fakessh.eu. fakessh.eu
$INCLUDE /var/named/keys/keyset-fakessh.eu. fakessh.eu
and perform a complete resignatures area zone
this should enable me to have the flag DS and DS sign, DLV and DLV sign
in my area zone
its right
thanks for your return many return are welcome
Le jeudi 13 janvier 2011 à 12:36 -0500, Paul Wouters a écrit :
> On Thu, 13 Jan 2011, fakessh @ wrote:
>
> > I correctly configure my server centos dnssec on with as a
> > representative of encryptions dlv isc. my question is relevant and was
> > already asked but I have not found the complete answer on google. my
> > question is how to include the DS record in the Keys. my keys are in a
> > separate folder. the DS record is already generated in
>
> The DS record goes into the parent zone, not the zone itself.
>
> > I also wonder the utility of this good record given that my signatures
> > are marked as good on dlv
>
> Use any public DNS server with dlv configured. eg nssec.xelerance.net:
>
> dig +dnssec -t ds yourzone @nssec.xelerance.net
>
> > what file in the include directive must be accomplished and realize how
> > well inclusion of the DS record (what should be the proper syntax on how
> > to declare dlv isc) how to re-sign after the keys
>
> You give your DS via http://dlv.isc.org/
>
> Paul
--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110114/74745f30/attachment.bin>
More information about the bind-users
mailing list