How do I insert "CDS 0 0 0 0"?

Mark Andrews marka at isc.org
Sun Oct 4 13:02:41 UTC 2020


Use up to date software. 

-- 
Mark Andrews

> On 4 Oct 2020, at 23:48, Mark Elkins <mje at posix.co.za> wrote:
> 
>  What is the magic incantation for inserting a "CDS 0 0 0 0" record in BIND?
> Version - BIND 9.16.6 (Stable Release)
> I've read RFC8070 - which says...  (https://tools.ietf.org/html/rfc8078)
> The contents of the CDS or CDNSKEY RRset MUST contain one RR and only
>    contain the exact fields as shown below.
> 
>       CDS 0 0 0 0
> 
>       CDNSKEY 0 3 0 0
> 
> In Knot docs... https://ripe75.ripe.net/presentations/123-CDNSKEY-FRED-KNOT-RIPE75.pdf
> it says...
> 
> DS deletion via "CDNSKEY 0 3 0 AA==" or "CDS 0 0 0 00" must be done manually
> 
> In https://www.nic.ch/export/shared/.content/files/SWITCH_CDS_Manual_en.pdf it says...
> 
> A child zone can also signal to turn off DNSSEC by removing the DS record set in the parent zone.
> In this case, the operator may publish a special CDS record which must exactly match:
> CDS 0 0 0 00
> 
> 
> I have a zone called "nodnssec.edu.za".
> 
> In a text zone - if I add:-
> 
> CDS     0 0 0 0
> 
> I get:-   (from running: /usr/sbin/named-checkconf -z /etc/bind/named.conf | grep nodnssec)
> 
> _default/nodnssec.edu.za/IN: bad hex encoding
> dns_rdata_fromtext: db.nodnssec.edu.za:17: near eol: bad hex encoding
> zone nodnssec.edu.za/IN: loading from master file db.nodnssec.edu.za failed: bad hex encoding
> zone nodnssec.edu.za/IN: not loaded due to errors.
> 
> CDS     0 0 0 00   gives me.... 
> 
> _default/nodnssec.edu.za/IN: bad CDS
> zone nodnssec.edu.za/IN: CDS/CDNSKEY consistency checks failed
> zone nodnssec.edu.za/IN: not loaded due to errors.
> 
> I've also tried a null string - CDS     0 0 0 ""    - no joy.
> 
> So what should I add?
> 
> I've seen a record hosted by Cloudflare.... for revolution.edu.za, DIG shows that as "CDS     0 0 0 00" and the NET_DNS2 software shows it as...  "CDS     0 0 0 " (no digest at all).
> 
> -- 
> Mark James ELKINS  -  Posix Systems - (South) Africa
> mje at posix.co.za       Tel: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
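
A pre-load check for the CDS spellings tried in the thread above, added here as an example; it is not code from either poster or from BIND, and it says nothing about what any particular BIND version accepts. The names `parse_cds` and `check_cds_rrset` are hypothetical, and the sample RRsets are constructed.

```python
import string

# CDS "delete DS" sentinel in the form quoted in the thread (Knot, SWITCH, dig):
# key tag 0, algorithm 0, digest type 0, one zero byte written as two hex digits.
DELETE = (0, 0, 0, "00")

def parse_cds(rdata):
    """Parse CDS rdata text into (key_tag, algorithm, digest_type, digest_hex)."""
    parts = rdata.split()
    if len(parts) < 4:
        raise ValueError("expected 4 fields, got %d" % len(parts))
    if not all(p.isascii() and p.isdigit() for p in parts[:3]):
        raise ValueError("key tag, algorithm and digest type must be integers")
    key_tag, alg, dtype = (int(p) for p in parts[:3])
    if key_tag > 65535 or alg > 255 or dtype > 255:
        raise ValueError("numeric field out of range")
    digest = "".join(parts[3:]).upper()  # zone files may split hex with spaces
    if any(c not in string.hexdigits for c in digest):
        raise ValueError("digest is not hexadecimal")
    if len(digest) % 2:
        raise ValueError("odd number of hex digits, digest must be whole bytes")
    return key_tag, alg, dtype, digest

def check_cds_rrset(rdatas):
    """Return 'delete', 'publish' or 'invalid: <reason>' for one CDS RRset."""
    parsed = []
    for text in rdatas:
        try:
            parsed.append(parse_cds(text))
        except ValueError as exc:
            return "invalid: %r: %s" % (text, exc)
    if not parsed:
        return "invalid: empty RRset"
    if DELETE in parsed:
        # Rule quoted from the RFC in the thread: one RR and only that RR.
        if len(parsed) > 1:
            return "invalid: delete sentinel must be the only RR in the RRset"
        return "delete"
    if any(alg == 0 for _, alg, _, _ in parsed):
        return "invalid: algorithm 0 is reserved for the delete sentinel"
    return "publish"

if __name__ == "__main__":
    # Constructed inputs: the three spellings tried in the thread, then a mixed set.
    for rrset in (["0 0 0 0"], ["0 0 0 00"], ['0 0 0 ""'],
                  ["0 0 0 00", "12345 13 2 " + "AB" * 32]):
        print(rrset, "->", check_cds_rrset(rrset))
```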