[dns-operations] DSSET File Entries

Mike Peters via dns-operations Mon, 27 Jul 2020 06:14:54 -0700

--- Begin Message ---

When I last looked at DNSSEC I was using ISC Bind 9.11.1

The dnssec-signzone command produced the expected


  dsset-zonename

File with two entries e.g.
 
  example.com.    IN DS 16293 7 1 173543F8153BBCDF9B7A0E127A1E76A10A489748
  example.com.    IN DS 16293 7 2 
01F3E27E9DE840A99D81DE9BA26272FDEB9F1C40AA0CB8FACF31A5CA 56742F94

Signing the same zone file now using ISC Bind 9.16.5 I see only one entry e.g.

  example.com.    IN DS 63741 7 2 
DA0B7F5FB60F1FC49A35C8DEC5CDD47185A9CAB5371C0C42B249F4B5 900E11BC

I note that providers such as Cloudfare / ClouDNS still give examples requiring 
two entries as per the 9.11.1 output.

Question:

Should my DSSET File using the current version of ISC Bind contain One or Two 
entries?

--- End Message ---

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

[dns-operations] DSSET File Entries

Reply via email to