<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";
mso-fareast-language:EN-GB;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:10689148;
mso-list-type:hybrid;
mso-list-template-ids:108790482 134807567 134807577 134807579 134807567 134807577 134807579 134807567 134807577 134807579;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>Hello, hope everyone is fine.<o:p></o:p></p><p class=MsoNormal>So it seems that going to Bind version 9.16 was the right call as it simplifies DNSSEC a lot.<o:p></o:p></p><p class=MsoNormal>Nevertheless, I would like to clarify some things because our organization has a parent domain and I host my own e-mail servers. I know they had problems while implementing DNSSEC on the top domain, and some configurations had to be made to let subdomain e-mail servers to still work after DNSSEC.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Following RedHat tutorial, all I had to do was add “<b>dnssec-policy default;”</b> into one of my zones for testing purposes. I’m not testing Reverse zones yet.<o:p></o:p></p><p class=MsoNormal>After this, 3 files “Kmy.domain***” were created:<o:p></o:p></p><p class=MsoNormal>“.key”<o:p></o:p></p><p class=MsoNormal>“.private”<o:p></o:p></p><p class=MsoNormal>“.state”.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Three files regarding my zone were also created:<o:p></o:p></p><p class=MsoNormal>My.domain.signed<o:p></o:p></p><p class=MsoNormal>And the following 2, which I’m not sure what their purpose is<o:p></o:p></p><p class=MsoNormal><b>My.domain</b>.<b>jbk</b> and<b> my.domain.signed.jnl</b><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>There are also “managed-keys.bind” and “managed-keys.bind.jnl”<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>My questions:<o:p></o:p></p><ol style='margin-top:0cm' start=1 type=1><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo1'>Everytime I restart the service, it seems all these files are recreated. Does this mean that every time I make a change in the host zone, I need resend the public key to my top domain?<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo1'>Do Parental Agents help with this?<o:p></o:p></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo1'>Which format should I use when providing the key to the top level domain? <o:p></o:p></li></ol><p class=MsoNormal style='background:#F8F8F8'><b><span style='font-size:10.0pt;font-family:Consolas;color:#151515;mso-fareast-language:EN-GB'> dnssec-dsfromkey /var/named/K<i>example.com.+013+61141</i>.key</span></b><span style='font-size:10.0pt;font-family:Consolas;color:#151515;mso-fareast-language:EN-GB'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:36.0pt'>or<o:p></o:p></p><pre style='background:#F8F8F8'><strong><span style='font-family:Consolas;color:#151515'> grep DNSKEY /var/named/K</span></strong><em><b><span style='font-family:Consolas;color:#151515'>example.com.+013+61141.key</span></b></em><span style='font-family:Consolas;color:#151515'><o:p></o:p></span></pre><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Kind regards<o:p></o:p></p><p class=MsoNormal>David Carvalho<o:p></o:p></p></div></body></html>