Hi,

I recently set up two instances of OpenDNSSEC and BIND on two different machines (VMs). One for the domain's nameserver and the other one for the subdomain's nameserver. The signing of both zones works great and I can validate DNSSEC with dig +sigchase if I hand over the trusted key of domain and subdomain. What I am trying to achieve is to validate it by just handing over the key of the parent zone, but the problem is that I am not able to export the DS RR of the KSK to the parent zone. The export of ZSK works just fine.

The command I am issuing is the following:

    ods-ksmutil key export --zone sub.domain.tld --keytype KSK
    ods-ksmutil key export --zone sub.domain.tld --keytype KSK --ds

Both are just printing:

    SQLIte database set to /var/lib/opendnssec/db/kasp.db

I have used all the standard config files and just adapted the time intervals a little. I am running Debian lenny and installed OpenDNSSEC out of the sid repository. OpenDNSSEC has version 1.1.0. SoftHSM is installed in version 1.1.4.

I appreciate any hint. Thanks.

All the best,
Simon Mittelberger
