On 8/10/21 10:07 AM, Matthijs Mekking wrote: >> So just to be sure I'm doing the right thing, I've added this to my >> options stanza: >> >> dnssec-policy "default"; >> >> Then restarted named and now all the signing magic is taken care of for >> me for all zones? (I was not previously using signing.) > > Correct. > > But you still need to manually submit the DS record to your registrar/parent > and if you see the DS published run: > > rndc dnssec -checkds published <zone>.
I've never done any of the signing work before (other than for master/slave). Could you kindly point me to something like "DS Record Creation And Implementation For Dummies"? Thanks, ---------------------------------------------------------------------------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users