How to Setup DNSSEC
pangj
pangj at riseup.net
Wed Oct 17 04:10:38 UTC 2012
IMO, a resolver will have the ability to get the public key of a ZSK for
validating the signed RR. How will it get this public key?
And, is the usage of a KSK similiar to the CA certificate?
Thanks again.
于 2012-10-17 11:25, Alan Clegg 写道:
>
> On Oct 16, 2012, at 8:17 PM, pangj <pangj at riseup.net> wrote:
>
>> 于 2012-10-17 11:10, Alan Clegg 写道:
>>> No, it means that I haven't inserted the DS record for dnslab.org into the .org zone.
>>
>> for DS record's data, is it the public key of ZSK? thanks.
>
> No, it's a hash of the KSK.
>
> AlanC
>
More information about the bind-users
mailing list