Hi Thomas,
It's not clear what the source DNS software is. Is it BIND or Knot DNS?
The keymgr import is the right way. But you have to import full keys
(private and public parts) for a seamless operation.
Daniel
On 1/14/20 12:37 AM, Thomas wrote:
> Hi!
>
> I need to import dnskeys (KSKs & ZSKs
Hi all,
to make things clear, I would add some notes.
First, one needs to distinguish two possibilities:
1) importing the keys from previous software as they are, both their
public and private parts, and continue signing with the same keys while
switched to new software
For this, you probab
Hi Libor,
our case is exactly what you described in 2)
I was able to import dnskey records from the other zone via "keymgr
import-pub" method.
So, I guess when I sign the zone the "foreign" dnskey record will just
get signed like the other records.
Thanks,
Thomas
Am 14.01.20 um 10:34 sch
Hi,
the command "keymgr ds" gives me 2 DS records. One of Type 2 and
one of Type 4. Is it possible to get Type 1 also?
Thanks,
Thomas
--
https://lists.nic.cz/mailman/listinfo/knot-dns-users
Hi,
for DS records, the digest types are:
1 = SHA-1
2 = SHA-256
3 = SHA-384
Why would you need to obtain a SHA-1 hashed DS record?
Libor
On 14.01.20 at 17:37, Thomas E. wrote:
> Hi,
> the command "keymgr ds" gives me 2 DS records. One of Type 2
> and one of Type 4. Is it possible to get Ty
Hello,
just to correct Libor's little typo (Libor has just left his computer):
4 = SHA-384
Regards,
David
On 2020-01-14 18:00, libor.peltan wrote:
> Hi,
> for DS records, the digest types are:
> 1 = SHA-1
> 2 = SHA-256
> 3 = SHA-384
> Why would you need to obtain a SHA-1 hashed DS record?
> Libor
> Dn
Thomas,
keymgr no longer generates DS for algorithm 1 (SHA-1) as it's
deprecated. Especially nowadays.
See https://tools.ietf.org/html/rfc8624#section-3.3
Daniel
On 2020-01-14 17:37, Thomas E. wrote:
> Hi,
> the command "keymgr ds" gives me 2 DS records. One of Type 2
> and one of Type 4. Is it
Hi Daniel,
thanks a lot. I have only seen Type 1 and 2 in the wild, but never Type
4 so far. That is exactly the RFC I was looking for, thanks!
Thomas
On 14.01.20 19:13, daniel.salz...@nic.cz wrote:
> Thomas,
>
> keymgr no longer generates DS for algorithm 1 (SHA-1) as it's
> deprecated. Especi
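
The DS digest types discussed in this thread, as an added example that is not part of any message above and is not keymgr's own code: it derives a DS record from a DNSKEY for digest types 2 and 4 (hash over the owner name in wire format followed by the DNSKEY RDATA, key tag per RFC 4034 Appendix B) and refuses type 1 unless explicitly allowed. The owner name, the key bytes and all function names are assumptions constructed for illustration.

```python
import hashlib
import struct

# DS digest types named in the thread: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}
DEPRECATED = {1}  # the thread: keymgr no longer generates SHA-1 DS records

# Constructed placeholder bytes, NOT a real key (64 bytes, the size of an
# algorithm 13 / ECDSA P-256 public key).
SAMPLE_PUBKEY = bytes(range(64))


def name_to_wire(name):
    """Canonical (lowercased) wire form of a fully qualified owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: flags (16 bit), protocol, algorithm, then the public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum((b << 8) if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF


def make_ds(owner, flags, protocol, algorithm, pubkey, digest_type,
            allow_deprecated=False):
    """Return a DS record in presentation format for one digest type."""
    if digest_type not in DIGESTS:
        raise ValueError(f"unknown DS digest type {digest_type}")
    if digest_type in DEPRECATED and not allow_deprecated:
        raise ValueError("SHA-1 DS digests are deprecated, see RFC 8624 section 3.3")
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey)
    # digest = hash(owner name in wire format | DNSKEY RDATA)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return f"{owner} DS {key_tag(rdata)} {algorithm} {digest_type} {digest}"


if __name__ == "__main__":
    for dtype in (2, 4):  # the two types Thomas reports from "keymgr ds"
        print(make_ds("example.com.", 257, 3, 13, SAMPLE_PUBKEY, dtype))
```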