bind-users Digest, Vol 538, Issue 1
rams
bramesh80 at gmail.com
Mon Jun 7 13:21:23 UTC 2010
Hi ,
When we resign using "dnssec-signzone -o <zone name> -f <new zone file name>
<signed zone file>" , we don't get SOA incremented . In general AXFR looks
for SOA comparison to reload zone file. In this case how will AXFR happen?
Thanks & Regards,
Ramesh
On Mon, Jun 7, 2010 at 5:30 PM, <bind-users-request at lists.isc.org> wrote:
> Send bind-users mailing list submissions to
> bind-users at lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
> bind-users-request at lists.isc.org
>
> You can reach the person managing the list at
> bind-users-owner at lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
> 1. .org registrars allowing DS records (itservices88)
> 2. Re: .org registrars allowing DS records (Kevin Oberman)
> 3. Re: .org registrars allowing DS records (Doug Barton)
> 4. Re: .org registrars allowing DS records (Mark Andrews)
> 5. Re: .org registrars allowing DS records (itservices88)
> 6. how to resign a zone (rams)
> 7. Re: how to resign a zone (Alan Clegg)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 6 Jun 2010 11:36:43 -0700
> From: itservices88 <itservices88 at gmail.com>
> Subject: .org registrars allowing DS records
> To: bind-users at lists.isc.org
> Message-ID:
> <AANLkTimwvWOTH3YIqXUz-v5eQ0YLjbRb9jAZgYL7XEBZ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I am using godaddy.com for my .org domains and as per the customer support
> replies, they donot support DNSSEC and thus cannot add DS records for my
> domains.
>
> Which other registrars people are using that allow DS records.
>
> Thanks
> -dani
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20100606/d0704f3b/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sun, 06 Jun 2010 17:14:27 -0700
> From: "Kevin Oberman" <oberman at es.net>
> Subject: Re: .org registrars allowing DS records
> To: itservices88 <itservices88 at gmail.com>
> Cc: bind-users at lists.isc.org
> Message-ID: <20100607001427.7E7161CC37 at ptavv.es.net>
> Content-Type: text/plain; charset=us-ascii
>
> > I am using godaddy.com for my .org domains and as per the customer
> support
> > replies, they donot support DNSSEC and thus cannot add DS records for my
> > domains.
> >
> > Which other registrars people are using that allow DS records.
> >
> > Thanks
> > -dani
>
> Last I checked, .org, while signed, was not yet accepting DS records from
> anyone. I suspect that no gtld other than .gov will accept them until the
> root
> is signed next month.
>
> I do know that afilias was certifying registrars and I believe that they
> will
> be releasing a list of those registrars that are certified, but that will
> not
> mean that they will be accepting them immediately.
>
> Until then, dlv.isc.org is the best (only?) option.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 06 Jun 2010 17:24:07 -0700
> From: Doug Barton <dougb at dougbarton.us>
> Subject: Re: .org registrars allowing DS records
> To: Kevin Oberman <oberman at es.net>
> Cc: bind-users at lists.isc.org
> Message-ID: <4C0C3C27.2050401 at dougbarton.us>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 06/06/10 17:14, Kevin Oberman wrote:
> >> I am using godaddy.com for my .org domains and as per the customer
> support
> >> replies, they donot support DNSSEC and thus cannot add DS records for my
> >> domains.
> >>
> >> Which other registrars people are using that allow DS records.
> >>
> >> Thanks
> >> -dani
> >
> > Last I checked, .org, while signed, was not yet accepting DS records from
> > anyone. I suspect that no gtld other than .gov will accept them until the
> root
> > is signed next month.
> >
> > I do know that afilias was certifying registrars and I believe that they
> will
> > be releasing a list of those registrars that are certified, but that will
> not
> > mean that they will be accepting them immediately.
>
> Basically correct, yes. For ORG, keep your eye on the following list:
> http://www.pir.org/get/registrars
>
>
> hth,
>
> Doug
>
> > Until then, dlv.isc.org is the best (only?) option.
>
>
>
> --
>
> ... and that's just a little bit of history repeating.
> -- Propellerheads
>
> Improve the effectiveness of your Internet presence with
> a domain name makeover! http://SupersetSolutions.com/<http://supersetsolutions.com/>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 07 Jun 2010 11:47:34 +1000
> From: Mark Andrews <marka at isc.org>
> Subject: Re: .org registrars allowing DS records
> To: "Kevin Oberman" <oberman at es.net>
> Cc: bind-users at lists.isc.org
> Message-ID: <201006070147.o571lYLt004983 at drugs.dv.isc.org>
>
>
> In message <20100607001427.7E7161CC37 at ptavv.es.net>, "Kevin Oberman"
> writes:
> > > I am using godaddy.com for my .org domains and as per the customer
> support
> > > replies, they donot support DNSSEC and thus cannot add DS records for
> my
> > > domains.
> > >
> > > Which other registrars people are using that allow DS records.
> > >
> > > Thanks
> > > -dani
> >
> > Last I checked, .org, while signed, was not yet accepting DS records from
> > anyone. I suspect that no gtld other than .gov will accept them until the
> roo
> > t
> > is signed next month.
>
> PIR announced 90 days from the 15th of March, that is this month, before
> the root is signed. That 90 days expires next Sunday.
>
> ".ORG will enable second level signing in June 2010, the root will
> follow shortly after, and in early 2011 .COM and .NET will also be
> signed."
>
> http://www.pir.org/blog/2010/90daydnssec
>
> > I do know that afilias was certifying registrars and I believe that they
> will
> >
> > be releasing a list of those registrars that are certified, but that will
> not
> >
> > mean that they will be accepting them immediately.
> >
> > Until then, dlv.isc.org is the best (only?) option.
> > --
> > R. Kevin Oberman, Network Engineer
> > Energy Sciences Network (ESnet)
> > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > E-mail: oberman at es.net Phone: +1 510 486-8634
> > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> >
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 6 Jun 2010 19:33:21 -0700
> From: itservices88 <itservices88 at gmail.com>
> Subject: Re: .org registrars allowing DS records
> To: Mark Andrews <marka at isc.org>
> Cc: bind-users at lists.isc.org
> Message-ID:
> <AANLkTikJq8jdHcRVRPEy1DEqB0Gk4LwugPOZX1uHuBHH at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks All.
>
> -dani
>
> On Sun, Jun 6, 2010 at 6:47 PM, Mark Andrews <marka at isc.org> wrote:
>
> >
> > In message <20100607001427.7E7161CC37 at ptavv.es.net>, "Kevin Oberman"
> > writes:
> > > > I am using godaddy.com for my .org domains and as per the customer
> > support
> > > > replies, they donot support DNSSEC and thus cannot add DS records for
> > my
> > > > domains.
> > > >
> > > > Which other registrars people are using that allow DS records.
> > > >
> > > > Thanks
> > > > -dani
> > >
> > > Last I checked, .org, while signed, was not yet accepting DS records
> from
> > > anyone. I suspect that no gtld other than .gov will accept them until
> the
> > roo
> > > t
> > > is signed next month.
> >
> > PIR announced 90 days from the 15th of March, that is this month, before
> > the root is signed. That 90 days expires next Sunday.
> >
> > ".ORG will enable second level signing in June 2010, the root will
> > follow shortly after, and in early 2011 .COM and .NET will also be
> > signed."
> >
> > http://www.pir.org/blog/2010/90daydnssec
> >
> > > I do know that afilias was certifying registrars and I believe that
> they
> > will
> > >
> > > be releasing a list of those registrars that are certified, but that
> will
> > not
> > >
> > > mean that they will be accepting them immediately.
> > >
> > > Until then, dlv.isc.org is the best (only?) option.
> > > --
> > > R. Kevin Oberman, Network Engineer
> > > Energy Sciences Network (ESnet)
> > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > > E-mail: oberman at es.net Phone: +1 510 486-8634
> > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> > >
> > >
> > > _______________________________________________
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20100606/9c584c1f/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 6
> Date: Mon, 7 Jun 2010 08:58:20 +0530
> From: rams <bramesh80 at gmail.com>
> Subject: how to resign a zone
> To: bind-users <bind-users at lists.isc.org>
> Message-ID:
> <AANLkTik-IXXoivRrSgM3lhiVndPA3sC4rVd5x9id1-Hl at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> How to resign a zone?
>
> Thanks & Regards,
> Ramesh
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20100607/f57f3819/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 7
> Date: Mon, 07 Jun 2010 06:41:31 -0400
> From: Alan Clegg <aclegg at isc.org>
> Subject: Re: how to resign a zone
> To: bind-users at lists.isc.org
> Message-ID: <4C0CCCDB.3050201 at isc.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 6/6/2010 11:28 PM, rams wrote:
> > Hi,
> >
> > How to resign a zone?
>
> Make it dynamic, allow BIND to have access to the keys and you don't
> have to do anything "manually".
>
> If you don't have (or want to use) that option, you need to run
> "dnssec-signzone" on the signed data (to refresh existing signatures) or
> on the original input file (if you want to generate all new signatures).
>
> AlanC
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 260 bytes
> Desc: OpenPGP digital signature
> URL: <
> https://lists.isc.org/pipermail/bind-users/attachments/20100607/e1bb8056/attachment-0001.bin
> >
>
> ------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> End of bind-users Digest, Vol 538, Issue 1
> ******************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100607/266e4843/attachment.html>
More information about the bind-users
mailing list