-----Original Message----- From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Miek Gieben Sent: Saturday, February 18, 2012 12:42 AM To: bind-users@lists.isc.org Subject: Re: A few conceptual question about dnssec. [ Quoting < <mailto:gaurav.kan...@nic.in> gaurav.kan...@nic.in> at 00:36 on Feb 18 in "RE: A few conceptual..." ] > Firstly, where do we get the public key for the DS records? > > Can you clarify your question??? > > > > Second, why do I get multiple DS records as response? – > > You will always get a 2 DS Records in response. One for SHA-1 and > second for SHA-256. That completely depends on what is configured in the zone. But I think it is recommended that you should always put 2 DS Records in your zone file corresponding to each child zone. One for SHA1 and second for SHA256. That’s why we always get 2 DS Records from ROOT Server pointing to TLDs. Perhaps this will help: <http://nlnetlabs.nl/publications/dnssec_howto/> http://nlnetlabs.nl/publications/dnssec_howto/ grtz Miek
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users