Automated DNSSEC (command line)

Michelle Konzack linux4michelle at tamay-dogan.net
Fri May 28 22:52:22 UTC 2010


Hello Michael,

Am 2010-05-28 14:40:30, hacktest Du folgendes herunter:
> Check out zkt (http://www.hznet.de/dns/zkt/).
> 
> There are a few more involved tools out there, but zkt sounds like
> what you want.

OK...

> >Can an expert please check  'dig ANY tamay-dogan.net'  whether  this  is
> >right?
> Looks good to me.  The sigs seem to be within their validity
> interval, but there doesn't appear a DLV record in dlv.isc.org, so I

Right, it was setup for some hours in a experimet and is  currently  not
setup with DLV.

> can't validate.  (Actually, I *could* snarf the ksk from the ANY
> query and manually configure it as a trust anchor, but I am lazy.
> Moreover, that won't tell us if something goes wrong if/when you
> publish a trust-anchor DLV record or DS record, when NET becomes
> signed.)

I have some problems with understanding "DNSSEC in 6 Minutes" from ISC.

> default in recent versions of BIND.  You still need to configure a
> trust anchor (or anchors) if you want to do validation.

This is what i have not understand currently...

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems at tdnet France EURL       itsystems at tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle at jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.pgp
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100529/0b7f12ac/attachment.bin>


More information about the bind-users mailing list