Re: How to Setup DNSSEC

2012-10-17 Thread SM
At 21:10 16-10-2012, pangj wrote: IMO, a resolver will have the ability to get the public key of a ZSK for validating the signed RR. How will it get this public key? And, is the usage of a KSK similar to the CA certificate? See http://www.nlnetlabs.nl/publications/dnssec_howto/ Regards,

Re: How to Setup DNSSEC

2012-10-17 Thread Alan Clegg
On Oct 16, 2012, at 7:48 PM, pangj pa...@riseup.net wrote: $ dig +dnssec udp53.org soa ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL:

Re: How to Setup DNSSEC

2012-10-16 Thread Alan Clegg
On Oct 16, 2012, at 3:11 PM, Noel Butler noel.but...@ausics.net wrote: Alan Clegg wrote a quick howto DNSSEC in 6 minutes, you might want to google it, since ISC has destroyed their new website, I no longer see it in quick look to show you a link, apparently, it might be buried somewhere in

Re: How to Setup DNSSEC

2012-10-16 Thread Noel Butler
On Tue, 2012-10-16 at 15:35 -0700, Alan Clegg wrote: You can still find it at ISC: http://www.isc.org/files/DNSSEC_in_6_minutes.pdf It is a bit long in the tooth. I'll be updating it soon to cover the work done by ISC in BIND 9.9 All are welcome to propose titles for this new

Re: How to Setup DNSSEC

2012-10-16 Thread pangj
Hi, $ dig +dnssec udp53.org soa ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL: 11 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp:

Re: How to Setup DNSSEC

2012-10-16 Thread Mark Andrews
In message 507e1c73.6050...@riseup.net, pangj writes: Hi, $ dig +dnssec udp53.org soa ; <<>> DiG 9.6.1-P2 <<>> +dnssec udp53.org soa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37254 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 5, ADDITIONAL:

Re: How to Setup DNSSEC

2012-10-16 Thread pangj
On 2012-10-17 10:54, Mark Andrews wrote: There is no DS for udp53.org so there is no secure trust chain. Does this mean .org has not been signed? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

Re: How to Setup DNSSEC

2012-10-16 Thread Alan Clegg
On Oct 16, 2012, at 8:08 PM, pangj pa...@riseup.net wrote: On 2012-10-17 10:54, Mark Andrews wrote: There is no DS for udp53.org so there is no secure trust chain. Does this mean .org has not been signed? No, it means that I haven't inserted the DS record for dnslab.org into the .org zone.

Re: How to Setup DNSSEC

2012-10-16 Thread Mark Andrews
In message 507e212e.5090...@riseup.net, pangj writes: On 2012-10-17 10:54, Mark Andrews wrote: There is no DS for udp53.org so there is no secure trust chain. Does this mean .org has not been signed? No. It means that there is no DS for udp53.org. For udp53.org to validate as secure there

Re: How to Setup DNSSEC

2012-10-16 Thread pangj
On 2012-10-17 11:10, Alan Clegg wrote: No, it means that I haven't inserted the DS record for dnslab.org into the .org zone. For the DS record's data, is it the public key of the ZSK? Thanks.

Re: How to Setup DNSSEC

2012-10-16 Thread Alan Clegg
On Oct 16, 2012, at 8:17 PM, pangj pa...@riseup.net wrote: On 2012-10-17 11:10, Alan Clegg wrote: No, it means that I haven't inserted the DS record for dnslab.org into the .org zone. For the DS record's data, is it the public key of the ZSK? Thanks. No, it's a hash of the KSK. AlanC -- Alan Clegg

Re: How to Setup DNSSEC

2012-10-16 Thread pangj
On 2012-10-17 11:25, Alan Clegg wrote: On Oct 16, 2012, at 8:17 PM, pangj pa...@riseup.net wrote: On 2012-10-17 11:10, Alan Clegg wrote: No, it means that I haven't inserted the DS record for dnslab.org into the .org zone. For the DS record's data, is it the public key of the ZSK? Thanks. No, it's a

Re: How to Setup DNSSEC

2012-10-16 Thread pangj
IMO, a resolver will have the ability to get the public key of a ZSK for validating the signed RR. How will it get this public key? And, is the usage of a KSK similar to the CA certificate? Thanks again. On 2012-10-17 11:25, Alan Clegg wrote: On Oct 16, 2012, at 8:17 PM, pangj