inconsistency dnssec debuguers response and writing conseil for new areas zone
Torinthiel
torinthiel at data.pl
Tue Mar 1 20:00:38 UTC 2011
On 03/01/11 20:17, fakessh @ wrote:
> is the repeat isc dlv seems to accept the flag DS
> in my case i have to a file dsset-fakessh.eu
> but the file contains two keys DS and i don't know which to use
The DS you have are both for the same key, only one is SHA1 and other
SHA256. You could try any of them, but see below.
ISC DLV accepts keys, you have to create an account, add your zone and
keys for it. I remember having some trouble trying to add DS records,
but DNSKEY worked fine. Of course the zone has to be signed using that
key, and ISC asks you to add a TXT record at dlv.your.zone (or something
similar) to prove your ability to modify the zone.
The procedure is simple and well defined.
And about OVH - I don't know if it's related, but I've asked Polish OVH
how about providing DNSSEC, as .pl is planned to be signed mid-year, and
they've answered me they will probably be ready. This might, or might
not be related to providing DNSSEC by other OVH branches and for other
registries.
Torinthiel
More information about the bind-users
mailing list