Hi ,
When we resign using "dnssec-signzone -o <zone name> -f <new zone
file name> <signed zone file>" , we don't get SOA incremented . In
general AXFR looks for SOA comparison to reload zone file. In this
case how will AXFR happen?
Thanks & Regards,
Ramesh
On Mon, Jun 7, 2010 at 5:30 PM, <bind-users-requ...@lists.isc.org>
wrote:
Send bind-users mailing list submissions to
bind-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/bind-users
or, via email, send a message with subject or body 'help' to
bind-users-requ...@lists.isc.org
You can reach the person managing the list at
bind-users-ow...@lists.isc.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of bind-users digest..."
Today's Topics:
1. .org registrars allowing DS records (itservices88)
2. Re: .org registrars allowing DS records (Kevin Oberman)
3. Re: .org registrars allowing DS records (Doug Barton)
4. Re: .org registrars allowing DS records (Mark Andrews)
5. Re: .org registrars allowing DS records (itservices88)
6. how to resign a zone (rams)
7. Re: how to resign a zone (Alan Clegg)
----------------------------------------------------------------------
Message: 1
Date: Sun, 6 Jun 2010 11:36:43 -0700
From: itservices88 <itservice...@gmail.com>
Subject: .org registrars allowing DS records
To: bind-users@lists.isc.org
Message-ID:
<aanlktimwvwoth3yiqxuz-v5eq0yljbrb9jazgyl7x...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
I am using godaddy.com for my .org domains and as per the customer
support
replies, they donot support DNSSEC and thus cannot add DS records
for my
domains.
Which other registrars people are using that allow DS records.
Thanks
-dani
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100606/d0704f3b/attachment-0001.html
>
------------------------------
Message: 2
Date: Sun, 06 Jun 2010 17:14:27 -0700
From: "Kevin Oberman" <ober...@es.net>
Subject: Re: .org registrars allowing DS records
To: itservices88 <itservice...@gmail.com>
Cc: bind-users@lists.isc.org
Message-ID: <20100607001427.7e7161c...@ptavv.es.net>
Content-Type: text/plain; charset=us-ascii
> I am using godaddy.com for my .org domains and as per the customer
support
> replies, they donot support DNSSEC and thus cannot add DS records
for my
> domains.
>
> Which other registrars people are using that allow DS records.
>
> Thanks
> -dani
Last I checked, .org, while signed, was not yet accepting DS records
from
anyone. I suspect that no gtld other than .gov will accept them
until the root
is signed next month.
I do know that afilias was certifying registrars and I believe that
they will
be releasing a list of those registrars that are certified, but that
will not
mean that they will be accepting them immediately.
Until then, dlv.isc.org is the best (only?) option.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
------------------------------
Message: 3
Date: Sun, 06 Jun 2010 17:24:07 -0700
From: Doug Barton <do...@dougbarton.us>
Subject: Re: .org registrars allowing DS records
To: Kevin Oberman <ober...@es.net>
Cc: bind-users@lists.isc.org
Message-ID: <4c0c3c27.2050...@dougbarton.us>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 06/06/10 17:14, Kevin Oberman wrote:
>> I am using godaddy.com for my .org domains and as per the
customer support
>> replies, they donot support DNSSEC and thus cannot add DS records
for my
>> domains.
>>
>> Which other registrars people are using that allow DS records.
>>
>> Thanks
>> -dani
>
> Last I checked, .org, while signed, was not yet accepting DS
records from
> anyone. I suspect that no gtld other than .gov will accept them
until the root
> is signed next month.
>
> I do know that afilias was certifying registrars and I believe
that they will
> be releasing a list of those registrars that are certified, but
that will not
> mean that they will be accepting them immediately.
Basically correct, yes. For ORG, keep your eye on the following list:
http://www.pir.org/get/registrars
hth,
Doug
> Until then, dlv.isc.org is the best (only?) option.
--
... and that's just a little bit of history repeating.
-- Propellerheads
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
------------------------------
Message: 4
Date: Mon, 07 Jun 2010 11:47:34 +1000
From: Mark Andrews <ma...@isc.org>
Subject: Re: .org registrars allowing DS records
To: "Kevin Oberman" <ober...@es.net>
Cc: bind-users@lists.isc.org
Message-ID: <201006070147.o571lylt004...@drugs.dv.isc.org>
In message <20100607001427.7e7161c...@ptavv.es.net>, "Kevin Oberman"
writes:
> > I am using godaddy.com for my .org domains and as per the
customer support
> > replies, they donot support DNSSEC and thus cannot add DS
records for my
> > domains.
> >
> > Which other registrars people are using that allow DS records.
> >
> > Thanks
> > -dani
>
> Last I checked, .org, while signed, was not yet accepting DS
records from
> anyone. I suspect that no gtld other than .gov will accept them
until the roo
> t
> is signed next month.
PIR announced 90 days from the 15th of March, that is this month,
before
the root is signed. That 90 days expires next Sunday.
".ORG will enable second level signing in June 2010, the root will
follow shortly after, and in early 2011 .COM and .NET will also be
signed."
http://www.pir.org/blog/2010/90daydnssec
> I do know that afilias was certifying registrars and I believe
that they will
>
> be releasing a list of those registrars that are certified, but
that will not
>
> mean that they will be accepting them immediately.
>
> Until then, dlv.isc.org is the best (only?) option.
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: ober...@es.net Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
>
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
------------------------------
Message: 5
Date: Sun, 6 Jun 2010 19:33:21 -0700
From: itservices88 <itservice...@gmail.com>
Subject: Re: .org registrars allowing DS records
To: Mark Andrews <ma...@isc.org>
Cc: bind-users@lists.isc.org
Message-ID:
<aanlktikjq8jdhcrvrpey1deqb0gk4lwugpozx1uhu...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Thanks All.
-dani
On Sun, Jun 6, 2010 at 6:47 PM, Mark Andrews <ma...@isc.org> wrote:
>
> In message <20100607001427.7e7161c...@ptavv.es.net>, "Kevin Oberman"
> writes:
> > > I am using godaddy.com for my .org domains and as per the
customer
> support
> > > replies, they donot support DNSSEC and thus cannot add DS
records for
> my
> > > domains.
> > >
> > > Which other registrars people are using that allow DS records.
> > >
> > > Thanks
> > > -dani
> >
> > Last I checked, .org, while signed, was not yet accepting DS
records from
> > anyone. I suspect that no gtld other than .gov will accept them
until the
> roo
> > t
> > is signed next month.
>
> PIR announced 90 days from the 15th of March, that is this month,
before
> the root is signed. That 90 days expires next Sunday.
>
> ".ORG will enable second level signing in June 2010, the root will
> follow shortly after, and in early 2011 .COM and .NET will also be
> signed."
>
> http://www.pir.org/blog/2010/90daydnssec
>
> > I do know that afilias was certifying registrars and I believe
that they
> will
> >
> > be releasing a list of those registrars that are certified, but
that will
> not
> >
> > mean that they will be accepting them immediately.
> >
> > Until then, dlv.isc.org is the best (only?) option.
> > --
> > R. Kevin Oberman, Network Engineer
> > Energy Sciences Network (ESnet)
> > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > E-mail: ober...@es.net Phone: +1 510
486-8634
> > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> >
> >
> > _______________________________________________
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100606/9c584c1f/attachment-0001.html
>
------------------------------
Message: 6
Date: Mon, 7 Jun 2010 08:58:20 +0530
From: rams <brames...@gmail.com>
Subject: how to resign a zone
To: bind-users <bind-users@lists.isc.org>
Message-ID:
<aanlktik-ixxoivrrsgm3lhivndpa3sc4rvd5x9id1...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Hi,
How to resign a zone?
Thanks & Regards,
Ramesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100607/f57f3819/attachment-0001.html
>
------------------------------
Message: 7
Date: Mon, 07 Jun 2010 06:41:31 -0400
From: Alan Clegg <acl...@isc.org>
Subject: Re: how to resign a zone
To: bind-users@lists.isc.org
Message-ID: <4c0cccdb.3050...@isc.org>
Content-Type: text/plain; charset="iso-8859-1"
On 6/6/2010 11:28 PM, rams wrote:
> Hi,
>
> How to resign a zone?
Make it dynamic, allow BIND to have access to the keys and you don't
have to do anything "manually".
If you don't have (or want to use) that option, you need to run
"dnssec-signzone" on the signed data (to refresh existing
signatures) or
on the original input file (if you want to generate all new
signatures).
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100607/e1bb8056/attachment-0001.bin
>
------------------------------
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
End of bind-users Digest, Vol 538, Issue 1
******************************************
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
