how to proper include DS record on key dnssec

fakessh @ fakessh at
Fri Jan 14 02:11:14 UTC 2011

hello bind network  and hello dnssec network admin.

thank you for answered, 
I think I found a solution to my problem. 
$INCLUDE directive is that I have to handle

	$INCLUDE /var/named/keys/
        $INCLUDE /var/named/keys/

and perform a complete resignatures area zone
this should enable me to have the flag DS and DS sign, DLV and DLV sign
in my area zone

its right

thanks for your return many return are welcome

Le jeudi 13 janvier 2011 à 12:36 -0500, Paul Wouters a écrit :
> On Thu, 13 Jan 2011, fakessh @ wrote:
> > I correctly configure my server centos dnssec on with as a
> > representative of encryptions dlv isc. my question is relevant and was
> > already asked but I have not found the complete answer on google. my
> > question is how to include the DS record in the Keys. my keys are in a
> > separate folder. the DS record is already generated in
> The DS record goes into the parent zone, not the zone itself.
> > I also wonder the utility of this good record given that my signatures
> > are marked as good on dlv
> Use any public DNS server with dlv configured. eg
> dig +dnssec -t ds yourzone
> > what file in the include directive must be accomplished and realize how
> > well inclusion of the DS record (what should be the proper syntax on how
> > to declare dlv isc) how to re-sign after the keys
> You give your DS via
> Paul
gpg --keyserver --recv-key 092164A7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <>

More information about the bind-users mailing list