> On Oct 18, 2022, at 1:58 PM, Mark Andrews <ma...@isc.org> wrote:
>
> Not for DS as it is part of the parent zone.
>
Right. What I meant (but didn't say) was this:
The following is a query for testing for the presence of a DS record in the
igt.fiscal.treasury.gov zone. The signer for the records in the response
should be the parent zone of igt.fiscal.treasury.gov, which is
fiscal.treasury.gov. However, the the signer for the records in the observed
response is treasury.gov.
$ dig +dnssec @ns1.treasury.gov igt.fiscal.treasury.gov ds | awk '$4 == "RRSIG"
{ print $12 }'
treasury.gov.
treasury.gov.
Casey
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
