In message <1299012754.22227.430.camel@localhost.localdomain>, "fakessh @" writes:
> as I now know what key DS uses.
>
> I logged into my account and I moved isc dlv record SHA1 DS,
> and I thought to receive a new record or something like that.
>
> well no reply from the ISC is :
> A corresponding DNSKEY already exists for this record.

Because there are already DLV records for the key in the DLV.

;; ANSWER SECTION:
fakessh.eu.dlv.isc.org. 3529 IN DLV 47103 3 2 68096942650C1DD89D5BE43A9EEA05BA9C20F09EDC55309F4F1CD348 4D8ED07B
fakessh.eu.dlv.isc.org. 3529 IN DLV 47103 3 1 CFEA04C5B918359273D6BAC07AE7F2DF5225E357

And the zone itself validates (ad=1).

; <<>> DiG 9.6.0-APPLE-P2 <<>> fakessh.eu soa +adflag
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4080
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;fakessh.eu. IN SOA

;; ANSWER SECTION:
fakessh.eu. 38400 IN SOA r13151.ovh.net. postmaster.fakessh.eu. 2011022802 10800 3600 604800 38400

;; Query time: 2521 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Mar 2 08:45:13 2011
;; MSG SIZE rcvd: 89

> All comments are welcome to help me find a solution
>
> nb : I publish on my blog a little article on dnssec
> http://fakessh.eu/2011/02/16/faire-marcher-dnssec-sur-son-serveur/
> On Tuesday, 1 March 2011 at 21:00 +0100, Torinthiel wrote:
> > On 03/01/11 20:17, fakessh @ wrote:
> >
> > > is the repeat isc dlv seems to accept the flag DS
> > > in my case i have to a file dsset-fakessh.eu
> > > but the file contains two keys DS and i don't know which to use
> >
> > The DS you have are both for the same key, only one is SHA1 and other
> > SHA256. You could try any of them, but see below.
> >
> > ISC DLV accepts keys, you have to create an account, add your zone and
> > keys for it. I remember having some trouble trying to add DS records,
> > but DNSKEY worked fine. Of course the zone has to be signed using that
> > key, and ISC asks you to add a TXT record at dlv.your.zone (or something
> > similar) to prove your ability to modify the zone.
> > The procedure is simple and well defined.
> >
> > And about OVH - I don't know if it's related, but I've asked Polish OVH
> > how about providing DNSSEC, as .pl is planned to be signed mid-year, and
> > they've answered me they will probably be ready. This might, or might
> > not be related to providing DNSSEC by other OVH branches and for other
> > registries.
> >
> > Torinthiel
> > _______________________________________________
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> --
> gpg --keyserver pgp.mit.edu --recv-key 092164A7
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
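
The point made in the thread, that the SHA1 and SHA256 records are two digests of one key, shown as an added example that is not part of the original messages. It parses the two DLV records quoted above and derives DS digests of both types from a single DNSKEY; SAMPLE_KEY, the owner name example.test. and all function names are assumptions made for illustration, since the zone's DNSKEY does not appear in the thread.

```python
import base64, hashlib, struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2

# The two DLV records quoted in the message above.
PAGE_DLV = [
    "fakessh.eu.dlv.isc.org. 3529 IN DLV 47103 3 2 68096942650C1DD89D5BE43A9EEA05BA9C20F09EDC55309F4F1CD348 4D8ED07B",
    "fakessh.eu.dlv.isc.org. 3529 IN DLV 47103 3 1 CFEA04C5B918359273D6BAC07AE7F2DF5225E357",
]
# Constructed stand-in DNSKEY (flags, protocol, algorithm, key bytes); not a real key.
SAMPLE_KEY = (257, 3, 8, base64.b64encode(bytes(range(64))).decode())

def parse_ds(line):
    """Return (key_tag, algorithm, digest_type, digest_hex) from a DS or DLV line."""
    f = line.split()
    i = next(k for k, tok in enumerate(f) if tok in ("DS", "DLV"))
    return int(f[i + 1]), int(f[i + 2]), int(f[i + 3]), "".join(f[i + 4:]).upper()

def name_to_wire(name):
    """Owner name in canonical (lowercased) DNS wire format."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)

def key_tag(rdata):
    """RFC 4034 Appendix B checksum (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, dnskey, digest_type):
    """Derive the DS tuple for one DNSKEY: digest = H(owner wire name | DNSKEY RDATA)."""
    rdata = dnskey_rdata(*dnskey)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), dnskey[2], digest_type, digest

def ds_matches_key(ds, owner, dnskey):
    """A matching key tag is only a hint; the recomputed digest is the real check."""
    return ds[2] in DIGESTS and make_ds(owner, dnskey, ds[2]) == ds

if __name__ == "__main__":
    for rec in map(parse_ds, PAGE_DLV):
        print("page record:", rec[:3], len(rec[3]) // 2, "digest bytes")
    for dt in (1, 2):
        ds = make_ds("example.test.", SAMPLE_KEY, dt)
        print("derived:", ds, ds_matches_key(ds, "example.test.", SAMPLE_KEY))
```

To check a real zone, pass its published DNSKEY fields and owner name to ds_matches_key together with each parsed record.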