<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Frank,<div class=""><br class=""></div><div class="">The use of <a href="http://example.com" class="">example.com</a> and the like on this list is provocative specifically because people are frustrated that they then cannot help you. It is something of a special situation that since you are not a regular participant here, you were unaware of. </div><div class=""><br class=""></div><div class="">The people on this list will often go to great lengths to help people who post problems here, by diagnosing the domain that is having an issue. The way that is done is by querying the domain, perhaps closely related domains (parents, children, etc), looking at signatures, other fields in the response, etc. This very often leads quickly to an answer that helps the poster. This kind of active help in troubleshooting your DNS issue cannot be done if you obscure the domain name, and that can be frustrating for people on the list who then cannot help you. </div><div class=""><br class=""></div><div class="">This is why it says in the list information: (<a href="https://lists.isc.org/mailman/listinfo/bind-users" class="">https://lists.isc.org/mailman/listinfo/bind-users</a>)</div><div class=""><p style="font-family: -webkit-standard;" class="">- If you are debugging an active issue with an externally published domain, providing the full domain name allows others to query it in order to help you. Omitting, changing, or obscuring the domain can make it harder or impossible for others to help you. 
</p><div class="">Regards,</div><div class=""><br class=""></div><div class="">Vicky Risk</div><div><br class=""><blockquote type="cite" class=""><div class="">On May 16, 2022, at 8:41 PM, frank picabia <<a href="mailto:fpicabia@gmail.com" class="">fpicabia@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="">I've been using open source for decades.  Long enough that I rarely need to use lists for help.</div><div class=""><br class=""></div><div class="">Here's the RFC mentioning reserved domain name use:  <a href="https://www.rfc-editor.org/rfc/rfc2606.html" class="">https://www.rfc-editor.org/rfc/rfc2606.html</a><br class=""></div><div class=""><br class="">I am ridiculed by an ISC member for using a reserved domain according to the purpose in the RFC and then<br class="">a second ISC member states I am arrogant?   I think there's a bunch of you that need to check your privilege!<br class="">Or maybe these persons are the chief whips responsible for driving people from the lists into paying customers?</div><div class=""><br class=""></div><div class="">Check other lists.  Postfix. Apache.  Whatever.  
No one ever has an issue when they see <a href="http://example.com/" class="">example.com</a></div><div class="">It's widely known as the boilerplate value you're leaving out of the equation for the moment.</div><div class=""><br class=""></div><div class="">In the documentation I see this:<br class=""><br class=""></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px" class=""><div class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)" class="">Once the </span><a class="gmail-internal gmail-reference" href="https://bind9.readthedocs.io/en/v9_18_2/manpages.html#cmdoption-rndc-arg-reconfig" style="box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"><code class="gmail-xref gmail-std gmail-std-option gmail-literal gmail-notranslate gmail-docutils" style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,&quot;Liberation Mono&quot;,&quot;Courier New&quot;,Courier,monospace;font-size:12px;white-space:nowrap;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:rgb(64,64,64);overflow-x:auto;font-weight:bold"><span class="gmail-pre" style="box-sizing:border-box">rndc</span> <span class="gmail-pre" style="box-sizing:border-box">reconfig</span></code></a><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)" class=""> command is issued, BIND serves a signed zone. 
The file </span><code class="gmail-docutils gmail-literal gmail-notranslate" style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,&quot;Liberation Mono&quot;,&quot;Courier New&quot;,Courier,monospace;font-size:12px;white-space:nowrap;max-width:100%;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border:1px solid rgb(225,228,229);padding:2px 5px;color:rgb(231,76,60);overflow-x:auto"><span class="gmail-pre" style="box-sizing:border-box"><a href="http://dsset-example.com/" class="">dsset-example.com</a></span></code><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)" class=""> (created by </span><a class="gmail-internal gmail-reference" href="https://bind9.readthedocs.io/en/v9_18_2/manpages.html#std-iscman-dnssec-signzone" style="box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"><code class="gmail-xref gmail-std gmail-std-iscman gmail-literal gmail-notranslate gmail-docutils" style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,&quot;Liberation Mono&quot;,&quot;Courier New&quot;,Courier,monospace;font-size:12px;white-space:nowrap;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:rgb(64,64,64);overflow-x:auto;font-weight:bold"><span class="gmail-pre" style="box-sizing:border-box">dnssec-signzone</span></code></a><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)" class=""> when it signed the </span><code class="gmail-docutils gmail-literal gmail-notranslate" style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,&quot;Liberation Mono&quot;,&quot;Courier New&quot;,Courier,monospace;font-size:12px;white-space:nowrap;max-width:100%;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border:1px solid rgb(225,228,229);padding:2px 5px;color:rgb(231,76,60);overflow-x:auto"><span class="gmail-pre" style="box-sizing:border-box"><a href="http://example.com/" class="">example.com</a></span></code><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,&quot;Helvetica Neue&quot;,Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)" class=""> zone) contains the DS record for the zone’s KSK. You will need to pass that to the administrator of the parent zone, to be placed in the zone.</span></blockquote></div></blockquote><div class=""><br class=""></div><div class="">It seems the first value in dsset file is okay.  The documentation doesn't talk about the second one, and this is where<br class="">the problem is seen.  I see one value on the second key (digest 2) in dsset file, and a different value using the value<br class="">obtained by running something like:<br class=""><br class=""><pre style="white-space:pre-wrap;box-sizing:inherit;font-family:Menlo,Monaco,Consolas,&quot;Courier New&quot;,monospace;font-size:14.4px;margin-top:0px;margin-bottom:24px;border-radius:0px;background-color:rgb(242,242,242);padding:10.667px 16px;overflow:auto;line-height:1.5;color:rgb(64,64,64)" class="">dig @localhost dnskey <a href="http://irrashai.net/" target="_blank" class="">irrashai.net</a> | dnssec-dsfromkey -f - <a href="http://irrashai.net/" target="_blank" class="">irrashai.net</a></pre></div><div class="">The digest 2 second key here seems to be what should be used with the domain registrar.  
I'll soon find out.</div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, May 16, 2022 at 2:54 PM Ondřej Surý &lt;<a href="mailto:ondrej@isc.org" class="">ondrej@isc.org</a>&gt; wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto" class="">Well, then don’t expect people will want to help you. If you need to hide the information and you need help then you should be prepared to pay for the support. Coming to open source list asking for help for free and expect other people to help you is just plain arrogant behavior. Again, Bert Hubert was exactly right here:<div class=""><br class=""></div><div class=""><a href="https://berthub.eu/articles/posts/anonymous-help/" target="_blank" class="">https://berthub.eu/articles/posts/anonymous-help/</a><br class=""><div class=""><br class="">Ondrej<br class=""><div dir="ltr" class=""><div class="">--</div>Ondřej Surý — ISC (He/Him)<div class=""><br class=""></div><div class="">My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr" class=""><br class=""><blockquote type="cite" class="">On 16. 5. 2022, at 19:06, frank picabia &lt;<a href="mailto:fpicabia@gmail.com" target="_blank" class="">fpicabia@gmail.com</a>&gt; wrote:<br class=""><br class=""></blockquote></div><blockquote type="cite" class=""><div dir="ltr" class=""><div class="">Suppose I was working on a problem for Barclays<br class="">Bank, do you suppose they would be thrilled with me posting<br class="">their networking innards for the world to see?</div><div class=""></div></div></blockquote></div></div></div></blockquote></div></div>
-- <br class="">Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" class="">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br class=""><br class="">ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" class="">https://www.isc.org/contact/</a> for more information.<br class=""><br class=""><br class="">bind-users mailing list<br class=""><a href="mailto:bind-users@lists.isc.org" class="">bind-users@lists.isc.org</a><br class="">https://lists.isc.org/mailman/listinfo/bind-users<br class=""></div></blockquote></div><br class=""></div></body></html>