bind-users Digest, Vol 538, Issue 1
Warren Kumari
warren at kumari.net
Mon Jun 7 13:43:20 UTC 2010
wkumari at lisa:~$ man dnssec-signzone
[SNIP]
-N soa-serial-format
The SOA serial number format of the signed zone. Possible
formats are "keep" (default), "increment" and "unixtime".
"keep"
Do not modify the SOA serial number.
"increment"
Increment the SOA serial number using RFC 1982
arithmetics.
"unixtime"
Set the SOA serial number to the number of seconds
since epoch.
[SNIP]
W
On Jun 7, 2010, at 9:21 AM, rams wrote:
> Hi ,
>
> When we resign using "dnssec-signzone -o <zone name> -f <new zone
> file name> <signed zone file>" , we don't get SOA incremented . In
> general AXFR looks for SOA comparison to reload zone file. In this
> case how will AXFR happen?
>
>
> Thanks & Regards,
> Ramesh
>
>
>
>
> On Mon, Jun 7, 2010 at 5:30 PM, <bind-users-request at lists.isc.org>
> wrote:
> Send bind-users mailing list submissions to
> bind-users at lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
> bind-users-request at lists.isc.org
>
> You can reach the person managing the list at
> bind-users-owner at lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
> 1. .org registrars allowing DS records (itservices88)
> 2. Re: .org registrars allowing DS records (Kevin Oberman)
> 3. Re: .org registrars allowing DS records (Doug Barton)
> 4. Re: .org registrars allowing DS records (Mark Andrews)
> 5. Re: .org registrars allowing DS records (itservices88)
> 6. how to resign a zone (rams)
> 7. Re: how to resign a zone (Alan Clegg)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 6 Jun 2010 11:36:43 -0700
> From: itservices88 <itservices88 at gmail.com>
> Subject: .org registrars allowing DS records
> To: bind-users at lists.isc.org
> Message-ID:
> <AANLkTimwvWOTH3YIqXUz-v5eQ0YLjbRb9jAZgYL7XEBZ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I am using godaddy.com for my .org domains and as per the customer
> support
> replies, they donot support DNSSEC and thus cannot add DS records
> for my
> domains.
>
> Which other registrars people are using that allow DS records.
>
> Thanks
> -dani
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100606/d0704f3b/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sun, 06 Jun 2010 17:14:27 -0700
> From: "Kevin Oberman" <oberman at es.net>
> Subject: Re: .org registrars allowing DS records
> To: itservices88 <itservices88 at gmail.com>
> Cc: bind-users at lists.isc.org
> Message-ID: <20100607001427.7E7161CC37 at ptavv.es.net>
> Content-Type: text/plain; charset=us-ascii
>
> > I am using godaddy.com for my .org domains and as per the customer
> support
> > replies, they donot support DNSSEC and thus cannot add DS records
> for my
> > domains.
> >
> > Which other registrars people are using that allow DS records.
> >
> > Thanks
> > -dani
>
> Last I checked, .org, while signed, was not yet accepting DS records
> from
> anyone. I suspect that no gtld other than .gov will accept them
> until the root
> is signed next month.
>
> I do know that afilias was certifying registrars and I believe that
> they will
> be releasing a list of those registrars that are certified, but that
> will not
> mean that they will be accepting them immediately.
>
> Until then, dlv.isc.org is the best (only?) option.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 06 Jun 2010 17:24:07 -0700
> From: Doug Barton <dougb at dougbarton.us>
> Subject: Re: .org registrars allowing DS records
> To: Kevin Oberman <oberman at es.net>
> Cc: bind-users at lists.isc.org
> Message-ID: <4C0C3C27.2050401 at dougbarton.us>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 06/06/10 17:14, Kevin Oberman wrote:
> >> I am using godaddy.com for my .org domains and as per the
> customer support
> >> replies, they donot support DNSSEC and thus cannot add DS records
> for my
> >> domains.
> >>
> >> Which other registrars people are using that allow DS records.
> >>
> >> Thanks
> >> -dani
> >
> > Last I checked, .org, while signed, was not yet accepting DS
> records from
> > anyone. I suspect that no gtld other than .gov will accept them
> until the root
> > is signed next month.
> >
> > I do know that afilias was certifying registrars and I believe
> that they will
> > be releasing a list of those registrars that are certified, but
> that will not
> > mean that they will be accepting them immediately.
>
> Basically correct, yes. For ORG, keep your eye on the following list:
> http://www.pir.org/get/registrars
>
>
> hth,
>
> Doug
>
> > Until then, dlv.isc.org is the best (only?) option.
>
>
>
> --
>
> ... and that's just a little bit of history repeating.
> -- Propellerheads
>
> Improve the effectiveness of your Internet presence with
> a domain name makeover! http://SupersetSolutions.com/
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 07 Jun 2010 11:47:34 +1000
> From: Mark Andrews <marka at isc.org>
> Subject: Re: .org registrars allowing DS records
> To: "Kevin Oberman" <oberman at es.net>
> Cc: bind-users at lists.isc.org
> Message-ID: <201006070147.o571lYLt004983 at drugs.dv.isc.org>
>
>
> In message <20100607001427.7E7161CC37 at ptavv.es.net>, "Kevin Oberman"
> writes:
> > > I am using godaddy.com for my .org domains and as per the
> customer support
> > > replies, they donot support DNSSEC and thus cannot add DS
> records for my
> > > domains.
> > >
> > > Which other registrars people are using that allow DS records.
> > >
> > > Thanks
> > > -dani
> >
> > Last I checked, .org, while signed, was not yet accepting DS
> records from
> > anyone. I suspect that no gtld other than .gov will accept them
> until the roo
> > t
> > is signed next month.
>
> PIR announced 90 days from the 15th of March, that is this month,
> before
> the root is signed. That 90 days expires next Sunday.
>
> ".ORG will enable second level signing in June 2010, the root will
> follow shortly after, and in early 2011 .COM and .NET will also be
> signed."
>
> http://www.pir.org/blog/2010/90daydnssec
>
> > I do know that afilias was certifying registrars and I believe
> that they will
> >
> > be releasing a list of those registrars that are certified, but
> that will not
> >
> > mean that they will be accepting them immediately.
> >
> > Until then, dlv.isc.org is the best (only?) option.
> > --
> > R. Kevin Oberman, Network Engineer
> > Energy Sciences Network (ESnet)
> > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > E-mail: oberman at es.net Phone: +1 510 486-8634
> > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> >
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
>
> ------------------------------
>
> Message: 5
> Date: Sun, 6 Jun 2010 19:33:21 -0700
> From: itservices88 <itservices88 at gmail.com>
> Subject: Re: .org registrars allowing DS records
> To: Mark Andrews <marka at isc.org>
> Cc: bind-users at lists.isc.org
> Message-ID:
> <AANLkTikJq8jdHcRVRPEy1DEqB0Gk4LwugPOZX1uHuBHH at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks All.
>
> -dani
>
> On Sun, Jun 6, 2010 at 6:47 PM, Mark Andrews <marka at isc.org> wrote:
>
> >
> > In message <20100607001427.7E7161CC37 at ptavv.es.net>, "Kevin Oberman"
> > writes:
> > > > I am using godaddy.com for my .org domains and as per the
> customer
> > support
> > > > replies, they donot support DNSSEC and thus cannot add DS
> records for
> > my
> > > > domains.
> > > >
> > > > Which other registrars people are using that allow DS records.
> > > >
> > > > Thanks
> > > > -dani
> > >
> > > Last I checked, .org, while signed, was not yet accepting DS
> records from
> > > anyone. I suspect that no gtld other than .gov will accept them
> until the
> > roo
> > > t
> > > is signed next month.
> >
> > PIR announced 90 days from the 15th of March, that is this month,
> before
> > the root is signed. That 90 days expires next Sunday.
> >
> > ".ORG will enable second level signing in June 2010, the root will
> > follow shortly after, and in early 2011 .COM and .NET will also be
> > signed."
> >
> > http://www.pir.org/blog/2010/90daydnssec
> >
> > > I do know that afilias was certifying registrars and I believe
> that they
> > will
> > >
> > > be releasing a list of those registrars that are certified, but
> that will
> > not
> > >
> > > mean that they will be accepting them immediately.
> > >
> > > Until then, dlv.isc.org is the best (only?) option.
> > > --
> > > R. Kevin Oberman, Network Engineer
> > > Energy Sciences Network (ESnet)
> > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > > E-mail: oberman at es.net Phone: +1 510
> 486-8634
> > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> > >
> > >
> > > _______________________________________________
> > > bind-users mailing list
> > > bind-users at lists.isc.org
> > > https://lists.isc.org/mailman/listinfo/bind-users
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100606/9c584c1f/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 6
> Date: Mon, 7 Jun 2010 08:58:20 +0530
> From: rams <bramesh80 at gmail.com>
> Subject: how to resign a zone
> To: bind-users <bind-users at lists.isc.org>
> Message-ID:
> <AANLkTik-IXXoivRrSgM3lhiVndPA3sC4rVd5x9id1-Hl at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> How to resign a zone?
>
> Thanks & Regards,
> Ramesh
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100607/f57f3819/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 7
> Date: Mon, 07 Jun 2010 06:41:31 -0400
> From: Alan Clegg <aclegg at isc.org>
> Subject: Re: how to resign a zone
> To: bind-users at lists.isc.org
> Message-ID: <4C0CCCDB.3050201 at isc.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On 6/6/2010 11:28 PM, rams wrote:
> > Hi,
> >
> > How to resign a zone?
>
> Make it dynamic, allow BIND to have access to the keys and you don't
> have to do anything "manually".
>
> If you don't have (or want to use) that option, you need to run
> "dnssec-signzone" on the signed data (to refresh existing
> signatures) or
> on the original input file (if you want to generate all new
> signatures).
>
> AlanC
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: signature.asc
> Type: application/pgp-signature
> Size: 260 bytes
> Desc: OpenPGP digital signature
> URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100607/e1bb8056/attachment-0001.bin
> >
>
> ------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> End of bind-users Digest, Vol 538, Issue 1
> ******************************************
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
"When it comes to glittering objects, wizards have all the taste and
self-control of a deranged magpie."
-- Terry Pratchett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100607/b26b81ef/attachment.html>
More information about the bind-users
mailing list