Is there a tool/process to verify if the parenet domain has DSSET, KEYSET, or keys in place for the child domain? Thanks.
--- On Thu, 1/28/10, Florian Weimer <fwei...@bfk.de> wrote: > From: Florian Weimer <fwei...@bfk.de> > Subject: Re: DNSSEC DSSET & KEYSET > To: "prock...@yahoo.com" <prock...@yahoo.com> > Cc: bind-users@lists.isc.org > Date: Thursday, January 28, 2010, 10:17 AM > * prock: > > > In a DNSSEC compliant world (I know we're not there > yet) we need to > > give a copy of our DSSET and KEYSET to our parent > domain. Please > > confirm that is an accurate statement. > > Parent zone policies vary. Some require DS RRs, some > DNSKEY RRs. > Demanding DNSKEY RRs can prolong the life of signature > schemes with > certain weaknesses (which might be helpful at some point in > the > future). > > -- > Florian Weimer > <fwei...@bfk.de> > BFK edv-consulting GmbH http://www.bfk.de/ > Kriegsstraße 100 > tel: +49-721-96201-1 > D-76133 Karlsruhe > fax: +49-721-96201-99 > _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users