DNSSEC submit of DLV vs DNSKEY records?

/dev/rob0 rob0 at gmx.co.uk
Thu May 5 19:37:23 UTC 2011

FWIW I think you hit the wrong list. Did you mean bind-users at isc?

On Thu, May 05, 2011 at 12:25:27PM -0700, dchilton+bind at bestmail.us 
> after signing my zones with 'dnssec-signzone', i 've got both 
>  dsset-domain.com
>  dlvset-domain.com
> containing DS- and DLV-records, respectively.
> i know i *can* submit the records to my registrar (DS records)
> and dlv.isc.org (DLV records), but should I do both?
> i'm not clear if these are redundant mechs for getting to a
> 'valid' DNSSEC state, or complementary.
> can anyone clarify -- both or just one? and if just one, which
> one?

[I hope someone will correct me if I'm wrong.]

My understanding: if the parent is signed, that is the only way a 
child zone can be validated, unless of course using trusted-keys. 
DLV is only done when the parent is unsigned.

Off to the registrar you go!
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header

More information about the dhcp-users mailing list