Hi , When we resign using "dnssec-signzone -o <zone name> -f <new zone file name> <signed zone file>" , we don't get SOA incremented . In general AXFR looks for SOA comparison to reload zone file. In this case how will AXFR happen?
Thanks & Regards, Ramesh On Mon, Jun 7, 2010 at 5:30 PM, <bind-users-requ...@lists.isc.org> wrote: > Send bind-users mailing list submissions to > bind-users@lists.isc.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.isc.org/mailman/listinfo/bind-users > or, via email, send a message with subject or body 'help' to > bind-users-requ...@lists.isc.org > > You can reach the person managing the list at > bind-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > > 1. .org registrars allowing DS records (itservices88) > 2. Re: .org registrars allowing DS records (Kevin Oberman) > 3. Re: .org registrars allowing DS records (Doug Barton) > 4. Re: .org registrars allowing DS records (Mark Andrews) > 5. Re: .org registrars allowing DS records (itservices88) > 6. how to resign a zone (rams) > 7. Re: how to resign a zone (Alan Clegg) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 6 Jun 2010 11:36:43 -0700 > From: itservices88 <itservice...@gmail.com> > Subject: .org registrars allowing DS records > To: bind-users@lists.isc.org > Message-ID: > <aanlktimwvwoth3yiqxuz-v5eq0yljbrb9jazgyl7x...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > I am using godaddy.com for my .org domains and as per the customer support > replies, they donot support DNSSEC and thus cannot add DS records for my > domains. > > Which other registrars people are using that allow DS records. > > Thanks > -dani > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20100606/d0704f3b/attachment-0001.html > > > > ------------------------------ > > Message: 2 > Date: Sun, 06 Jun 2010 17:14:27 -0700 > From: "Kevin Oberman" <ober...@es.net> > Subject: Re: .org registrars allowing DS records > To: itservices88 <itservice...@gmail.com> > Cc: bind-users@lists.isc.org > Message-ID: <20100607001427.7e7161c...@ptavv.es.net> > Content-Type: text/plain; charset=us-ascii > > > I am using godaddy.com for my .org domains and as per the customer > support > > replies, they donot support DNSSEC and thus cannot add DS records for my > > domains. > > > > Which other registrars people are using that allow DS records. > > > > Thanks > > -dani > > Last I checked, .org, while signed, was not yet accepting DS records from > anyone. I suspect that no gtld other than .gov will accept them until the > root > is signed next month. > > I do know that afilias was certifying registrars and I believe that they > will > be releasing a list of those registrars that are certified, but that will > not > mean that they will be accepting them immediately. > > Until then, dlv.isc.org is the best (only?) option. > -- > R. Kevin Oberman, Network Engineer > Energy Sciences Network (ESnet) > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > E-mail: ober...@es.net Phone: +1 510 486-8634 > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > > > > > ------------------------------ > > Message: 3 > Date: Sun, 06 Jun 2010 17:24:07 -0700 > From: Doug Barton <do...@dougbarton.us> > Subject: Re: .org registrars allowing DS records > To: Kevin Oberman <ober...@es.net> > Cc: bind-users@lists.isc.org > Message-ID: <4c0c3c27.2050...@dougbarton.us> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 06/06/10 17:14, Kevin Oberman wrote: > >> I am using godaddy.com for my .org domains and as per the customer > support > >> replies, they donot support DNSSEC and thus cannot add DS records for my > >> domains. > >> > >> Which other registrars people are using that allow DS records. > >> > >> Thanks > >> -dani > > > > Last I checked, .org, while signed, was not yet accepting DS records from > > anyone. I suspect that no gtld other than .gov will accept them until the > root > > is signed next month. > > > > I do know that afilias was certifying registrars and I believe that they > will > > be releasing a list of those registrars that are certified, but that will > not > > mean that they will be accepting them immediately. > > Basically correct, yes. For ORG, keep your eye on the following list: > http://www.pir.org/get/registrars > > > hth, > > Doug > > > Until then, dlv.isc.org is the best (only?) option. > > > > -- > > ... and that's just a little bit of history repeating. > -- Propellerheads > > Improve the effectiveness of your Internet presence with > a domain name makeover! > http://SupersetSolutions.com/<http://supersetsolutions.com/> > > > > ------------------------------ > > Message: 4 > Date: Mon, 07 Jun 2010 11:47:34 +1000 > From: Mark Andrews <ma...@isc.org> > Subject: Re: .org registrars allowing DS records > To: "Kevin Oberman" <ober...@es.net> > Cc: bind-users@lists.isc.org > Message-ID: <201006070147.o571lylt004...@drugs.dv.isc.org> > > > In message <20100607001427.7e7161c...@ptavv.es.net>, "Kevin Oberman" > writes: > > > I am using godaddy.com for my .org domains and as per the customer > support > > > replies, they donot support DNSSEC and thus cannot add DS records for > my > > > domains. > > > > > > Which other registrars people are using that allow DS records. > > > > > > Thanks > > > -dani > > > > Last I checked, .org, while signed, was not yet accepting DS records from > > anyone. I suspect that no gtld other than .gov will accept them until the > roo > > t > > is signed next month. > > PIR announced 90 days from the 15th of March, that is this month, before > the root is signed. That 90 days expires next Sunday. > > ".ORG will enable second level signing in June 2010, the root will > follow shortly after, and in early 2011 .COM and .NET will also be > signed." > > http://www.pir.org/blog/2010/90daydnssec > > > I do know that afilias was certifying registrars and I believe that they > will > > > > be releasing a list of those registrars that are certified, but that will > not > > > > mean that they will be accepting them immediately. > > > > Until then, dlv.isc.org is the best (only?) option. > > -- > > R. Kevin Oberman, Network Engineer > > Energy Sciences Network (ESnet) > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > > E-mail: ober...@es.net Phone: +1 510 486-8634 > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > > > > > > _______________________________________________ > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > > ------------------------------ > > Message: 5 > Date: Sun, 6 Jun 2010 19:33:21 -0700 > From: itservices88 <itservice...@gmail.com> > Subject: Re: .org registrars allowing DS records > To: Mark Andrews <ma...@isc.org> > Cc: bind-users@lists.isc.org > Message-ID: > <aanlktikjq8jdhcrvrpey1deqb0gk4lwugpozx1uhu...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Thanks All. > > -dani > > On Sun, Jun 6, 2010 at 6:47 PM, Mark Andrews <ma...@isc.org> wrote: > > > > > In message <20100607001427.7e7161c...@ptavv.es.net>, "Kevin Oberman" > > writes: > > > > I am using godaddy.com for my .org domains and as per the customer > > support > > > > replies, they donot support DNSSEC and thus cannot add DS records for > > my > > > > domains. > > > > > > > > Which other registrars people are using that allow DS records. > > > > > > > > Thanks > > > > -dani > > > > > > Last I checked, .org, while signed, was not yet accepting DS records > from > > > anyone. I suspect that no gtld other than .gov will accept them until > the > > roo > > > t > > > is signed next month. > > > > PIR announced 90 days from the 15th of March, that is this month, before > > the root is signed. That 90 days expires next Sunday. > > > > ".ORG will enable second level signing in June 2010, the root will > > follow shortly after, and in early 2011 .COM and .NET will also be > > signed." > > > > http://www.pir.org/blog/2010/90daydnssec > > > > > I do know that afilias was certifying registrars and I believe that > they > > will > > > > > > be releasing a list of those registrars that are certified, but that > will > > not > > > > > > mean that they will be accepting them immediately. > > > > > > Until then, dlv.isc.org is the best (only?) option. > > > -- > > > R. Kevin Oberman, Network Engineer > > > Energy Sciences Network (ESnet) > > > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) > > > E-mail: ober...@es.net Phone: +1 510 486-8634 > > > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 > > > > > > > > > _______________________________________________ > > > bind-users mailing list > > > bind-users@lists.isc.org > > > https://lists.isc.org/mailman/listinfo/bind-users > > -- > > Mark Andrews, ISC > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20100606/9c584c1f/attachment-0001.html > > > > ------------------------------ > > Message: 6 > Date: Mon, 7 Jun 2010 08:58:20 +0530 > From: rams <brames...@gmail.com> > Subject: how to resign a zone > To: bind-users <bind-users@lists.isc.org> > Message-ID: > <aanlktik-ixxoivrrsgm3lhivndpa3sc4rvd5x9id1...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > Hi, > > How to resign a zone? > > Thanks & Regards, > Ramesh > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20100607/f57f3819/attachment-0001.html > > > > ------------------------------ > > Message: 7 > Date: Mon, 07 Jun 2010 06:41:31 -0400 > From: Alan Clegg <acl...@isc.org> > Subject: Re: how to resign a zone > To: bind-users@lists.isc.org > Message-ID: <4c0cccdb.3050...@isc.org> > Content-Type: text/plain; charset="iso-8859-1" > > On 6/6/2010 11:28 PM, rams wrote: > > Hi, > > > > How to resign a zone? > > Make it dynamic, allow BIND to have access to the keys and you don't > have to do anything "manually". > > If you don't have (or want to use) that option, you need to run > "dnssec-signzone" on the signed data (to refresh existing signatures) or > on the original input file (if you want to generate all new signatures). > > AlanC > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 260 bytes > Desc: OpenPGP digital signature > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20100607/e1bb8056/attachment-0001.bin > > > > ------------------------------ > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > End of bind-users Digest, Vol 538, Issue 1 > ****************************************** >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users