Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread raf via bind-users
On Wed, Aug 11, 2021 at 12:14:38PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 11:27 PM, raf via bind-users wrote: > > Does that help at all? > > Very much thank you. I have now discovered my DNS key and corresponding DS > record. I believe the DS record is what I have to provide

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Tim Daneliuk via bind-users
On 8/10/21 11:27 PM, raf via bind-users wrote: > Does that help at all? Very much thank you. I have now discovered my DNS key and corresponding DS record. I believe the DS record is what I have to provide my registrar as I understand it. --

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread raf via bind-users
On Wed, Aug 11, 2021 at 09:40:00AM +0200, Matthijs Mekking wrote: > > Syntax question: > > In https://bind9.readthedocs.io/en/latest/dnssec-guide.html > > the double quotes are never used in the zone stanza > > where the dnssec-policy is referred to. The double > > quotes sometimes (but not

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Matthijs Mekking
Syntax question: In https://bind9.readthedocs.io/en/latest/dnssec-guide.html the double quotes are never used in the zone stanza where the dnssec-policy is referred to. The double quotes sometimes (but not always) appear in the dnssec-policy definition stanza. Are the double quotes optional in

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-11 Thread Matthijs Mekking
Hi Tim, On 11-08-2021 04:19, Tim Daneliuk via bind-users wrote: On 8/10/21 7:32 PM, raf via bind-users wrote: To get the DS record information to convey to the registrar, after starting to use the default policy, look for the CDS record (the child version of the DS record) with dig: dig

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 09:19:33PM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 7:32 PM, raf via bind-users wrote: > > To get the DS record information to convey to the > > registrar, after starting to use the default policy, > > look for the CDS record (the child version of the DS >

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:32 PM, raf via bind-users wrote: > To get the DS record information to convey to the > registrar, after starting to use the default policy, > look for the CDS record (the child version of the DS > record) with dig: > > dig CDS EXAMPLE.ORG > > For the default policy, you'll only

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 11:24:31AM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 10:07 AM, Matthijs Mekking wrote: > >> So just to be sure I'm doing the right thing, I've added this to my > >> options stanza: > >> > >>  dnssec-policy "default"; > >> > >> Then restarted named and 

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread raf via bind-users
On Tue, Aug 10, 2021 at 08:51:04AM -0500, Tim Daneliuk via bind-users wrote: > On 8/10/21 7:51 AM, Matthijs Mekking wrote: > > Hi Klaus, > > > > On 10-08-2021 13:38, Klaus Darilion wrote: > >> Hi Matthijs! > >> > >>> We would like to encourage you to change your configurations to > >>>

Re: AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tony Finch
Klaus Darilion via bind-users wrote: > > By reading this KB I do not know how the user will be informed which DS > (or DNSKEY) must be submitted to the parent zone. I know how to convert > a DNSKEY to DS, but IMO the KB is very good but misses that point. I would expect the zone's apex CDS and

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 10:07 AM, Matthijs Mekking wrote: >> So just to be sure I'm doing the right thing, I've added this to my >> options stanza: >> >>  dnssec-policy "default"; >> >> Then restarted named and now all the signing magic is taken care of for >> me for all zones?  (I was not previously using 

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
On 10-08-2021 15:51, Tim Daneliuk via bind-users wrote: On 8/10/21 7:51 AM, Matthijs Mekking wrote: Hi Klaus, On 10-08-2021 13:38, Klaus Darilion wrote: Hi Matthijs! We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help:

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Tim Daneliuk via bind-users
On 8/10/21 7:51 AM, Matthijs Mekking wrote: > Hi Klaus, > > On 10-08-2021 13:38, Klaus Darilion wrote: >> Hi Matthijs! >> >>> We would like to encourage you to change your configurations to >>> 'dnssec-policy'. See this KB article for migration help: >>> >>>

Re: AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
Thanks, I got some more suggestions to improve the KB article, I'll include yours to that list. On 10-08-2021 15:28, Klaus Darilion wrote: On 10-08-2021 13:38, Klaus Darilion wrote: Hi Matthijs! We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB

AW: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Klaus Darilion via bind-users
> On 10-08-2021 13:38, Klaus Darilion wrote: > > Hi Matthijs! > > > >> We would like to encourage you to change your configurations to > >> 'dnssec-policy'. See this KB article for migration help: > >> > >> https://kb.isc.org/docs/dnssec-key-and-signing-policy > > > > Some comments to this KB

Re: AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Matthijs Mekking
Hi Klaus, On 10-08-2021 13:38, Klaus Darilion wrote: Hi Matthijs! We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help: https://kb.isc.org/docs/dnssec-key-and-signing-policy Some comments to this KB article and

AW: Deprecating auto-dnssec and inline-signing in 9.18+

2021-08-10 Thread Klaus Darilion via bind-users
Hi Matthijs! > We would like to encourage you to change your configurations to > 'dnssec-policy'. See this KB article for migration help: > > https://kb.isc.org/docs/dnssec-key-and-signing-policy Some comments to this KB article and dnssec-policy: - The article should mention how to