<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12.0pt; line-height:1.3; color:#1F497D">
<div>Hello Dan.<br>
<br>
Does your registrar have the ability via a UI to place a DS record in the .name zone?<br>
<br>
And if so, have you done that already?<br>
<br>
John<br>
</div>
<div><br>
</div>
<div id="x_signature-x" class="x_signature_editor" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12.0pt; color:#1F497D">
Sent from <a href="http://www.9folders.com/" style="text-decoration:none; color:#009BDF">
Nine</a><br>
</div>
</div>
<div id="x_quoted_header" style="clear:both">
<hr style="border:none; height:1px; color:#E1E1E1; background-color:#E1E1E1">
<div style="border:none; padding:3.0pt 0cm 0cm 0cm"><span style="font-size:11.0pt; font-family:'Calibri','sans-serif'"><b>From:</b> Dan Egli <dan@newideatest.site><br>
<b>Sent:</b> Monday, May 10, 2021 12:20 AM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> Inline signing fails dnsviz test.<br>
</span></div>
</div>
<br type="attribution">
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">I tried to setup inline signing on my DNS server, and after reading the
<br>
results from DNSVIZ, i'd say I was PARTIALLY successful, but there still <br>
seems to be a lot missing.<br>
<br>
You can check the status on dnsviz yourself with the names <br>
eglifamily.name and newideatest.site. Both resulted in nearly identical <br>
responses, wtih a lot of warning and some errors. A few of those errors <br>
I could blame on my backup DNS provider. You get what you pay for and <br>
they are free. But not everything could be blamed on them.<br>
<br>
I've attached a PNG of the output. Hopefully it comes through. <br>
Meanwhile, here's the zone statements from my named.conf:<br>
<br>
view "standard" IN {<br>
zone "eglifamily.name" {<br>
type master;<br>
file "pri/eglifamily.zone";<br>
allow-query { any; };<br>
allow-transfer {<br>
108.61.224.67; 116.203.6.3; 107.191.99.111; <br>
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56; <br>
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133; <br>
116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122; <br>
2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3; <br>
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1; <br>
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3; <br>
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e; <br>
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3; <br>
2001:19f0:6400:8642::3;<br>
};<br>
// also-notify { 1.2.3.4; }; // none for now<br>
allow-update { trusted; };<br>
key-directory "/var/bind/pri/keys";<br>
auto-dnssec maintain;<br>
inline-signing yes;<br>
};<br>
<br>
zone "newideatest.site" {<br>
type master;<br>
file "pri/newideatest.zone";<br>
allow-query { any; };<br>
allow-transfer {<br>
108.61.224.67; 116.203.6.3; 107.191.99.111; <br>
185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56; <br>
31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133; <br>
116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122; <br>
2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3; <br>
2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1; <br>
2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3; <br>
2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e; <br>
2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3; <br>
2001:19f0:6400:8642::3;<br>
};<br>
// also-notify { 1.2.3.4; }; // none for now<br>
allow-update { trusted; };<br>
key-directory "/var/bind/pri/keys";<br>
auto-dnssec maintain;<br>
inline-signing yes;<br>
};<br>
<br>
-- <br>
<br>
Dan Egli<br>
From my Test Server<br>
<br>
</div>
</span></font>
</body>
</html>