DS digest type(s)
Danilo Godec
danilo.godec at agenda.si
Thu Oct 17 07:45:21 UTC 2024
Thanks,
now that I know what to look for, I found the docs for it.
Maybe worth mentioning that /cds-digest-types/ is not available in
9.18.x, as it has been introduced in 9.19.11.
Danilo
On 16. 10. 24 23:24, Mark Andrews wrote:
>
>> On 16 Oct 2024, at 23:00, Danilo Godec via bind-users<bind-users at lists.isc.org> wrote:
>>
>> Hi,
>>
>>
>> I've been doing some more reading into DNSSEC and if I understand correctly, it is allowed to have multiple DS records for one KSK - with different digest types. Apparently, SHA-1 is deprecated and shouldn't be used anymore, while SHA-256 is mandatory and has to exist.
>>
>> That leaves SHA-384, which is optional and I can generate manually with 'dnssec-dsfromkey'. Since I have to ask my registrar to add DS records to parent zones (.eu in this case), I can just send them both records, right?
>>
>>
>> Is it also possible to have dnssec-policy to generate both digest types as CDS records?
> cds-digest-types { "sha-256"; "sha-384"; };
>
>> Regards,
>>
>> Danilo
>>
>>
>> --
>> Visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions. Contact us athttps://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
Lep pozdrav / Best regards,
--
Danilo Godec | Sistemska podpora / System Administration
AGENDA d.o.o. | Ul. Pohorskega bataljona 49, Sl-2000 Maribor
E: danilo.godec at agenda.si | T: +386 (0)2 421 61 31
Agenda OpenSystems <https://www.agenda.si/> | Največji slovenski
odprtokodni integrator
Red Hat v Sloveniji <http://www.redhat.si/> | Red Hat Premier Business
Partner
ElasticBox <http://elasticbox.eu/> | Poslovne rešitve v oblaku
Agenda d.o.o. <https://www.agenda.si/>
Izjava o omejitvi odgovornosti / Legal disclaimer statement
<https://www.agenda.si/index.php?id=228>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20241017/30bd2f01/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: w4QoM6sdgbZlHqJW.webp
Type: image/webp
Size: 2176 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20241017/30bd2f01/attachment.webp>
More information about the bind-users
mailing list