DNSSEC DSSET & KEYSET

Michael Sinatra michael at rancid.berkeley.edu
Thu Jan 28 16:10:53 UTC 2010


On 01/28/10 07:57, prock111 at yahoo.com wrote:
> That was very helpful. Thanks.
>
> One last query.  For signed domains registered with and using the ISC.ORG trust anchor, is there a sanity check similar to what you displayed below?

If you mean the ISC DLV registry, that service continually does sanity
checks on domains that are registered with it.  If you register your 
domain with ISC DLV, it will notify you if your zone keys are 
inconsistent or broken.

Be aware, though, if you register with DLV, there are resolvers that 
will try to validate your domain.  Ideally, you should make sure that 
you are good to go before registering it.  That includes re-signing your 
zone(s) periodically to prevent the signatures from expiring.

michael



More information about the bind-users mailing list