Hi Chris,
Op 24-09-2021 om 16:44 schreef Chris:
at all. If you don't do that; likely the only trouble you're likely
to incur will be with MXs (mail exchange) accepting mail from you.
Could you explain in (a bit) more detail what those potential MX
problems could be?
Thanks!
--
On 2021-09-24 04:14, mj wrote:
Hi dear knot users,
Back again with a yet another question on the same subject. Hopefully this
time
the last one...
We are a sub domain: sub.company.com, and in order to eanble DNSSEC, I need
to
enable DNSSEC on our knot zone sub.company.com, and send the DS
Hi Libor!
Thanks for your reassuring words, I will proceed as recommended!
MJ
Op 24-09-2021 om 13:27 schreef libor.peltan:
Hi MJ,
I assume that having a DNSSEC signed zone below an insecure delegation
makes no harm (comparing to un-signed zone) at all for any (possibly
long) period of
Hi MJ,
I assume that having a DNSSEC signed zone below an insecure delegation
makes no harm (comparing to un-signed zone) at all for any (possibly
long) period of time.
So you can simply enable DNSSEC signing on your Knot now, and wait for
the parent to employ your DS later. In the
Hi dear knot users,
Back again with a yet another question on the same subject. Hopefully
this time the last one...
We are a sub domain: sub.company.com, and in order to eanble DNSSEC, I
need to enable DNSSEC on our knot zone sub.company.com, and send the DS
key to company.com DNS admins
ok, good to know!
Thanks (again!) for the quick reply!
MJ
Op 31-08-2021 om 12:01 schreef Daniel Salzman:
Hi,
The extra white space is just a redundant separation of a long hex string. You
can ignore it.
Daniel
On 8/31/21 11:49 AM, mj wrote:
Hi,
We have a (hopefully last) follow-up
On 31/08/2021 11:49, mj wrote:
Hi MJ,
> Now the question. In most (if not all?) docs we read on the subject, the
> DS key looks something like:
>
>> knot-dns.cz. 3600 IN DS 54959 13 2
>> 268DE6EB7E0630953B8AF0F0037BF68FD10443BF01B5E17805AF94C2 6921897D
> or
>> dnssec-tools.org.
Hi,
The extra white space is just a redundant separation of a long hex string. You
can ignore it.
Daniel
On 8/31/21 11:49 AM, mj wrote:
> Hi,
>
> We have a (hopefully last) follow-up question on the knot-generated dnssec
> keys for our domain.
>
> Our policy is is set to algorithm:
Hi,
We have a (hopefully last) follow-up question on the knot-generated
dnssec keys for our domain.
Our policy is is set to algorithm: ECDSAP256SHA256. Upon knot start,
knot generates the key:
knotd[25835]: info: [company.com.] DNSSEC, key, tag 54011, algorithm
ECDSAP256SHA256, KSK,