On 9 Sep 2018, at 14:58, Mark Elkins wrote:
> Umm... this initially looks great but something is seriously strange. The
> first numerical value after DS should be the Key ID (or Key Tag). I really
> doubt that you would (randomly) create two different DNSKEY records with
> sequential Key-ID's
(Seems I can't reply directly to the author)
$ dig covisp.net ds
; <<>> DiG 9.11.2-P1 <<>> covisp.net ds
...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21696
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
...
;; ANSWER SECTION:
covisp.net. 86352 IN
On Sep 8, 2018, at 10:21, Mark Elkins wrote:
> Have you DNSSEC Signed your Domain - that is "covisp.net" because I
> don't see any DS records for it in the "net" zone.
I think I have everything set now and am hopping the two errors I have about
validation are a matter of waiting for hover to
On 08 Sep 2018, at 10:21, Mark Elkins wrote:
> Have you DNSSEC Signed your Domain - that is "covisp.net" because I
> don't see any DS records for it in the "net" zone.
Not yet, I want to have everything working on my side before I go upstream.
Hover is pretty simple to setup the DNSSEC but I
On 08 Sep 2018, at 11:46, @lbutlr wrote:
> I need to check that I am supposed to generate the digest.
to check *HOW* I am supposed to generate the digest.
--
Ille Qui Nos Omnes Servabit
___
Please visit
On 08 Sep 2018, at 09:59, Niall O'Reilly wrote:
> On 8 Sep 2018, at 14:58, @lbutlr wrote:
>
>> so I think there must be something else.
>
> You might need to so some other housekeeping:
>
> https://zonemaster.net/domain_check
> http://dnsviz.net/d/covisp.net/dnssec/
Oh, well, that is
Some clarification
Have you DNSSEC Signed your Domain - that is "covisp.net" because I
don't see any DS records for it in the "net" zone.
dig @a.gtld-servers.net. covisp.net ds
flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
returns the SOA for NET - so I know I got to the
On 09/08/2018 07:58 AM, @lbutlr wrote:
what do I need to do for other DNS servers?
I don't think you need to do anything special.
The zone signatures come form and are managed by the master name server.
The secondary name server(s) is (are) just additional servers with
copies of the zone.
On 8 Sep 2018, at 14:58, @lbutlr wrote:
> so I think there must be something else.
You might need to so some other housekeeping:
https://zonemaster.net/domain_check
http://dnsviz.net/d/covisp.net/dnssec/
/Niall
signature.asc
Description: OpenPGP digital signature
So, I setup up DNSSEC on my authoritative bind 9.12 server, which was very
straightforward and works fine:
dig covisp.net +dnssec +short @8.8.8.8
65.121.55.42
A 7 2 86400 20181008122535 20180908122535 17363 covisp.net.
pkpVdFONJ2dYN+7wQ4pVcQTlWIThY3+mbNdXsE8p5uWiLNvIefVT32JE
10 matches
Mail list logo