DNSSEC Godaddy Style
Alan Clegg
alan at clegg.com
Wed Aug 21 13:28:01 UTC 2013
On Aug 21, 2013, at 9:21 AM, Eric Davis <eric at mail.rockefeller.edu> wrote:
> Anyone have any experience uploading DS records to Godaddy? They are asking for the Digest in addition to the public key and I’m a little lost. What is the digest and how can I find it? I’m using an Infoblox appliance.(i know…cringe!)
They are looking for the hash of the KSK. Seems a bit silly to need them both, as one can generate the hash from the keying material:
Key:
clegg.com. 3600 IN DNSKEY 257 3 8 (
AwEAAZi/6ZtbhxnY6EO3YtkyYdH4anYTvikx6NGlLZFy
WzSs1T/kJ3jOC3V/yMFEgUnBAwFa62BnT7yyrNAS7jN1
/wAo1zsxD5QiJOrt5j3EwC6atYAsh2mUzTkauLnmJznh
63EnN1YFrs//eE7TxdYWnQlO3o5i9EJG4LPhzEGIsOZZ
BoceqlWpZ016kGIbvA1Tqr7+APX03Ug/vwH9jzSI1kzL
wQrHmFQ1HXPeLglI4LUHMydgHpPcrgLTjYuDX2hlcoYM
T6Xjt5zWj26jRd7blOjK2C8CI958BL3TDzSk8aEbUniD
En9f+o7MUI0pPtcoxjCZwNEmf4NPP/b9LAtnkxU=
) ; KSK; alg = RSASHA256; key id = 14560
aclegg at puer /etc/namedb/keys $ dnssec-dsfromkey Kclegg.com.+008+14560
clegg.com. IN DS 14560 8 1 25DB24A4E6B7E0DB355B13B75B2EE4803FC901E6
clegg.com. IN DS 14560 8 2 73B29380A8AEB96A20C36B1E6778D37E0C64641ABE413F805F38908FB97C3347
Digests are the stuff over here ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AlanC
--
Alan Clegg | +1-919-355-8851 | alan at clegg.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130821/2f3c058b/attachment.bin>
More information about the bind-users
mailing list