<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>They do, and I had forgotten that. But I don't know where to get
the DS record I'd place. I tried querying bind, but all I got back
was someone's SOA record:</p>
<p>; <<>> DiG 9.16.12 <<>> @localhost ds
eglifamily.name<br>
; (2 servers found)<br>
;; global options: +cmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
62605<br>
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
1<br>
<br>
;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags:; udp: 1232<br>
; COOKIE: 8761a3c0b39eccab010000006099729d88739143bbe8c230 (good)<br>
;; QUESTION SECTION:<br>
;eglifamily.name. IN DS<br>
<br>
;; AUTHORITY SECTION:<br>
name. 10794 IN SOA ac1.nstld.com.
info.verisign-grs.com. 1620669036 1800 900 604800 86400<br>
<br>
;; Query time: 10 msec<br>
;; SERVER: ::1#53(::1)<br>
;; WHEN: Mon May 10 11:51:25 MDT 2021<br>
;; MSG SIZE rcvd: 142<br>
</p>
<p>Where do I get the DS record, since i'm using bind's inline
signing?<br>
</p>
<div class="moz-cite-prefix">On 5/10/2021 3:29 AM, John W. Blue via
bind-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:629f4963-b50c-47db-b532-ba48da9566a6@rrcic.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text -->
<style>.EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; }</style>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12.0pt; line-height:1.3; color:#1F497D">
<div>Hello Dan.<br>
<br>
Does your registrar have the ability via a UI to place a DS
record in the .name zone?<br>
<br>
And if so, have you done that already?<br>
<br>
John<br>
</div>
<div><br>
</div>
<div id="x_signature-x" class="x_signature_editor"
style="font-family:Calibri,Arial,Helvetica,sans-serif;
font-size:12.0pt; color:#1F497D">
Sent from <a href="http://www.9folders.com/"
style="text-decoration:none; color:#009BDF"
moz-do-not-send="true">
Nine</a><br>
</div>
</div>
<div id="x_quoted_header" style="clear:both">
<hr style="border:none; height:1px; color:#E1E1E1;
background-color:#E1E1E1">
<div style="border:none; padding:3.0pt 0cm 0cm 0cm"><span
style="font-size:11.0pt;
font-family:'Calibri','sans-serif'"><b>From:</b> Dan Egli
<a class="moz-txt-link-rfc2396E" href="mailto:dan@newideatest.site"><dan@newideatest.site></a><br>
<b>Sent:</b> Monday, May 10, 2021 12:20 AM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<b>Subject:</b> Inline signing fails dnsviz test.<br>
</span></div>
</div>
<br type="attribution">
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">I tried to setup inline signing on my
DNS server, and after reading the
<br>
results from DNSVIZ, i'd say I was PARTIALLY successful, but
there still <br>
seems to be a lot missing.<br>
<br>
You can check the status on dnsviz yourself with the names <br>
eglifamily.name and newideatest.site. Both resulted in
nearly identical <br>
responses, wtih a lot of warning and some errors. A few of
those errors <br>
I could blame on my backup DNS provider. You get what you
pay for and <br>
they are free. But not everything could be blamed on them.<br>
<br>
I've attached a PNG of the output. Hopefully it comes
through. <br>
Meanwhile, here's the zone statements from my named.conf:<br>
<br>
view "standard" IN {<br>
zone "eglifamily.name" {<br>
type master;<br>
file "pri/eglifamily.zone";<br>
allow-query { any; };<br>
allow-transfer {<br>
108.61.224.67; 116.203.6.3;
107.191.99.111; <br>
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56;
<br>
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133;
<br>
116.203.0.64; 167.88.161.228; 199.195.249.208;
104.244.78.122; <br>
2605:6400:30:fd6e::3; 2605:6400:10:65::3;
2605:6400:20:d5e::3; <br>
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3;
2a06:fdc0:fade:2f7::1; <br>
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3; <br>
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3;
2403:2500:4000::f3e; <br>
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3;
2a01:4f8:1c0c:8115::3; <br>
2001:19f0:6400:8642::3;<br>
};<br>
// also-notify { 1.2.3.4; }; // none for now<br>
allow-update
{ trusted; };<br>
key-directory "/var/bind/pri/keys";<br>
auto-dnssec maintain;<br>
inline-signing yes;<br>
};<br>
<br>
zone "newideatest.site" {<br>
type master;<br>
file "pri/newideatest.zone";<br>
allow-query { any; };<br>
allow-transfer {<br>
108.61.224.67; 116.203.6.3;
107.191.99.111; <br>
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56;
<br>
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133;
<br>
116.203.0.64; 167.88.161.228; 199.195.249.208;
104.244.78.122; <br>
2605:6400:30:fd6e::3; 2605:6400:10:65::3;
2605:6400:20:d5e::3; <br>
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3;
2a06:fdc0:fade:2f7::1; <br>
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3; <br>
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3;
2403:2500:4000::f3e; <br>
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3;
2a01:4f8:1c0c:8115::3; <br>
2001:19f0:6400:8642::3;<br>
};<br>
// also-notify { 1.2.3.4; }; // none for now<br>
allow-update
{ trusted; };<br>
key-directory "/var/bind/pri/keys";<br>
auto-dnssec maintain;<br>
inline-signing yes;<br>
};<br>
<br>
-- <br>
<br>
Dan Egli<br>
From my Test Server<br>
<br>
</div>
</span></font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at <a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Dan Egli
From my Test Server</pre>
</body>
</html>