What is the magic incantation for inserting a "CDS 0 0 0 0" record in BIND?
Version - BIND 9.16.6 (Stable Release)
I've read RFC8070 - which says... (https://tools.ietf.org/html/rfc8078)

The contents of the CDS or CDNSKEY RRset MUST contain one RR and only
   contain the exact fields as shown below.

      CDS 0 0 0 0

      CDNSKEY 0 3 0 0

In Knot docs... 
https://ripe75.ripe.net/presentations/123-CDNSKEY-FRED-KNOT-RIPE75.pdf
it says...

DS deletion via "CDNSKEY 0 3 0 AA==" or "CDS 0 0 0 00" must be done manually

In https://www.nic.ch/export/shared/.content/files/SWITCH_CDS_Manual_en.pdf it 
says...

A child zone can also signal to turn off DNSSEC by removing the DS record set in the parent zone. In this case, the operator may publish a special CDS record which must exactly match:
CDS 0 0 0 00


I have a zone called "nodnssec.edu.za".

In a text zone - if I add:-

CDS     0 0 0 0

I get:-   (from running: /usr/sbin/named-checkconf -z /etc/bind/named.conf | grep nodnssec)

_default/nodnssec.edu.za/IN: bad hex encoding
dns_rdata_fromtext: db.nodnssec.edu.za:17: near eol: bad hex encoding
zone nodnssec.edu.za/IN: loading from master file db.nodnssec.edu.za failed: bad hex encoding
zone nodnssec.edu.za/IN: not loaded due to errors.

CDS     0 0 0 00   gives me....

_default/nodnssec.edu.za/IN: bad CDS
zone nodnssec.edu.za/IN: CDS/CDNSKEY consistency checks failed
zone nodnssec.edu.za/IN: not loaded due to errors.

I've also tried a null string - CDS     0 0 0 ""    - no joy.

So what should I add?

I've seen a record hosted by Cloudflare.... for revolution.edu.za, DIG shows that as "CDS     0 0 0 00" and the NET_DNS2 software shows it as...  "CDS     0 0 0 " (no digest at all).




--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za       Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
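
An added example, not part of the original post and not BIND's own code: a small Python check of the presentation forms quoted in the message. It assumes the delete sentinel's last field is one zero octet, which is what hex "00" and base64 "AA==" both decode to, and it shows that a lone "0" is not decodable as either encoding. The function names are hypothetical.

```python
import base64
import binascii

# Constructed samples: the presentation forms quoted in the message above.
SAMPLES = [
    "CDS 0 0 0 0",
    "CDS 0 0 0 00",
    'CDS 0 0 0 ""',
    "CDNSKEY 0 3 0 0",
    "CDNSKEY 0 3 0 AA==",
]

def decode_last_field(rrtype, text):
    """Decode the CDS digest (hex) or the CDNSKEY public key (base64)."""
    if rrtype == "CDS":
        return binascii.unhexlify(text)            # odd-length hex raises
    return base64.b64decode(text, validate=True)   # bad padding raises

def classify(record):
    """Return 'delete', 'not-delete' or 'malformed: <reason>' for one RR."""
    fields = record.split()
    if len(fields) < 5 or fields[0] not in ("CDS", "CDNSKEY"):
        return "malformed: expected TYPE plus four fields"
    rrtype = fields[0]
    last = "".join(fields[4:])  # digest/key may be split by whitespace
    try:
        first_three = tuple(int(n) for n in fields[1:4])
        payload = decode_last_field(rrtype, last)
    except ValueError as exc:   # binascii.Error is a ValueError subclass
        return f"malformed: {exc}"
    expected = (0, 0, 0) if rrtype == "CDS" else (0, 3, 0)
    # Assumption: the sentinel carries exactly one zero octet as payload.
    if first_three == expected and payload == b"\x00":
        return "delete"
    return "not-delete"

if __name__ == "__main__":
    for rr in SAMPLES:
        print(f"{rr!r:24} -> {classify(rr)}")
```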

