key signing

Alan Batie alan at peak.org
Tue Mar 10 22:39:52 UTC 2020


I've got a test domain that I thought I had all working, but noticed the
key signing key was missing, so I generated one and did an rndc loadkeys
to get things updated, then generated a DS record for it and uploaded
that to the registrar. However, it still shows broken, and when I look,
I see that the zone signing key 28998 is self-signed, rather than being
signed by the zsk 30841?  Am I misunderstanding something here?

keys/Kcascocom.com.+008+28998.key:; This is a zone-signing key, keyid 28998, for cascocom.com.
keys/Kcascocom.com.+008+30841.key:; This is a key-signing key, keyid 30841, for cascocom.com.

;; ANSWER SECTION:
cascocom.com.		3600	IN	DNSKEY	256 3 8
AwEAAbzsNZ6nTPgAjprXeuInoS24oSvDktzfDJxbd01Ggbpg+DCFHNQI
W9O2PlujvKPNZWw4I0lYNTREF4y3gl4sgBPRjaxv1Y274WBMgl/zNcDV
V7wBXBSHS3k/52HbP/KlL9kuxBKPbl40Kji3Fj2ZOpPuXxM+Y0uaYWeS 0kCgfs2h  ;
ZSK; alg = RSASHA256 ; key id = 28998
cascocom.com.		3600	IN	RRSIG	DNSKEY 8 2 3600 20200409011715
20200310001715 28998 cascocom.com.
R2yjLkUxmoA8JEmcyaRx/t43OZXINXBjDTA0HhxBgtwhIIK9DRq7RnW1
bNjN88qqzGqjWIIE+AG7Xk+8PXRAUeyQzWFDkMrqbg/qxlBvK+MgMlTJ
VdWp2UdoDEn7A6feGNuoS7eBCDD+d+/DDjWZFU3D3YAIr6B7nJiu0hHF 8RQ=

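Added example, not part of the original post and not BIND's own code: a check of the condition the question turns on, namely whether the key a DS record refers to is actually published in the zone's DNSKEY RRset and has signed that RRset. The zone example.test, the two short keys, the signature value and the function names are constructed for illustration; records are assumed to be one per line, as in dig output without +multi.

```python
import base64

def key_tag(flags, proto, alg, pubkey_b64):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSAMD5)."""
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + base64.b64decode(pubkey_b64)
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def audit(dig_text):
    """Return ({tag: flags} of published DNSKEYs, {tags that sign the DNSKEY RRset})."""
    keys, signers = {}, set()
    for line in dig_text.splitlines():
        f = line.split(";", 1)[0].split()      # drop dig comments, then tokenize
        if len(f) < 8:
            continue
        if f[3] == "DNSKEY":
            flags, proto, alg = int(f[4]), int(f[5]), int(f[6])
            # base64 may be split into several whitespace-separated chunks
            keys[key_tag(flags, proto, alg, "".join(f[7:]))] = flags
        elif f[3] == "RRSIG" and f[4] == "DNSKEY" and len(f) > 11:
            signers.add(int(f[10]))            # key tag field of the RRSIG
    return keys, signers

def ds_can_validate(dig_text, ds_tag):
    """A DS is only usable if its key is in the DNSKEY RRset and signs it."""
    keys, signers = audit(dig_text)
    return ds_tag in keys and ds_tag in signers

# Constructed sample: only a ZSK (flags 256) is published and signing.
SAMPLE_ZSK_ONLY = """\
;; ANSWER SECTION:
example.test. 3600 IN DNSKEY 256 3 8 AQID ; constructed ZSK
example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20200409011715 20200310001715 2058 example.test. c2ln
"""
# Constructed sample: a KSK (flags 257) is also published and signs the RRset.
SAMPLE_WITH_KSK = SAMPLE_ZSK_ONLY + """\
example.test. 3600 IN DNSKEY 257 3 8 BAUG ; constructed KSK
example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20200409011715 20200310001715 3598 example.test. c2ln
"""

if __name__ == "__main__":
    for name, text in (("zsk-only", SAMPLE_ZSK_ONLY), ("with-ksk", SAMPLE_WITH_KSK)):
        keys, signers = audit(text)
        print(name, "published:", keys, "signing DNSKEY:", sorted(signers),
              "DS for 3598 usable:", ds_can_validate(text, 3598))
```

Feeding it the output of a DNSKEY query made with +dnssec, together with the key tag from the DS record at the registrar, shows whether that key is published and signing.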