Re: A few conceptual question about dnssec.

2012-03-03 Thread Kevin Oberman
On Fri, Mar 2, 2012 at 11:17 PM, dE . de.tec...@gmail.com wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? – You will always get 2 DS

Re: A few conceptual question about dnssec.

2012-03-03 Thread Mark Andrews
In message can6yy1vu9ecabvindlmpufqfjj47jq_beejdwz8d-jsxvdo...@mail.gmail.com , Kevin Oberman writes: On Fri, Mar 2, 2012 at 11:17 PM, dE . de.tec...@gmail.com wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you

Re: A few conceptual question about dnssec.

2012-03-02 Thread dE .
On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? -- You will always get 2 DS records in response. One for SHA-1 and a second for SHA-256. I was

Re: A few conceptual question about dnssec.

2012-03-02 Thread dE .
On 03/03/12 12:47, dE . wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? -- You will always get 2 DS records in response. One for SHA-1 and

Re: A few conceptual question about dnssec.

2012-02-20 Thread Tony Finch
dE . de.tec...@gmail.com wrote: Ok, so the DS record is not encrypted. DNSSEC is about signatures: nothing is encrypted. DS records are signed: a DS RRset has an RRSIG. For example, ; <<>> DiG 9.8.1-P1 <<>> +multi +dnssec DS isc.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY,

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? The DS record is a signature right? It has to be decrypted using a public key and the decrypted hash has to be compared to the DNSKEY's hash. So what I'm

Re: A few conceptual question about dnssec.

2012-02-18 Thread Axel Rau
On 18.02.2012 at 17:35, dE . wrote: The DS record is a signature right? No, it's the hash of a DNSKEY (KSK) in the child zone. The DS is signed with an RRSIG. Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 02:41, Tony Finch wrote: dE .de.tec...@gmail.com wrote: Firstly, where do we get the public key for the DS records? A zone's DNSKEY RRset contains its public keys, and these are hashed to make its DS records. For example, $ dig +nottl +noall +answer DS isc.org | perl -pe

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 22:14, Axel Rau wrote: On 18.02.2012 at 17:35, dE . wrote: The DS record is a signature right? No, it's the hash of a DNSKEY (KSK) in the child zone. The DS is signed with an RRSIG. Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius Thanks for the

Re: A few conceptual question about dnssec.

2012-02-18 Thread Phil Mayers
On 02/18/2012 04:35 PM, dE . wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? The DS record is a signature right? Wrong. You're asking a lot of basic questions here. Maybe you could go off and

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 22:55, Jeremy C. Reed wrote: I started writing a book introducing DNSSEC a few years ago. Would you like to read a draft of it? Book on DNSSEC? Ok. Thanks.

RE: A few conceptual question about dnssec.

2012-02-17 Thread Gaurav kansal
Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? - You will always get 2 DS records in response. One for SHA-1 and a second for SHA-256. _ dig +dnssec -t DS isc.org

Re: A few conceptual question about dnssec.

2012-02-17 Thread Miek Gieben
[ Quoting gaurav.kan...@nic.in at 00:36 on Feb 18 in RE: A few conceptual... ] Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? – You will always get 2 DS records in response. One for

RE: A few conceptual question about dnssec.

2012-02-17 Thread Gaurav kansal
-Original Message- From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Miek Gieben Sent: Saturday, February 18, 2012 12:42 AM To: bind-users@lists.isc.org Subject: Re: A few conceptual question

Re: A few conceptual question about dnssec.

2012-02-17 Thread Tony Finch
dE . de.tec...@gmail.com wrote: Firstly, where do we get the public key for the DS records? A zone's DNSKEY RRset contains its public keys, and these are hashed to make its DS records. For example, $ dig +nottl +noall +answer DS isc.org | perl -pe 's/\s+(?!$)/ /g' isc.org. IN DS 12892 5 1