DSSET File Entries
Mike Peters
mikep_aus at yahoo.com
Mon Jul 27 02:30:19 UTC 2020
When I last looked at DNSSEC I was using ISC Bind 9.11.1
The dnssec-signzone command produced the expected
dsset-zonename
File with two entries e.g.
example.com. IN DS 16293 7 1 173543F8153BBCDF9B7A0E127A1E76A10A489748
example.com. IN DS 16293 7 2 01F3E27E9DE840A99D81DE9BA26272FDEB9F1C40AA0CB8FACF31A5CA 56742F94
Signing the same zone file now using ISC Bind 9.16.5 I see only one entry e.g.
example.com. IN DS 63741 7 2 DA0B7F5FB60F1FC49A35C8DEC5CDD47185A9CAB5371C0C42B249F4B5 900E11BC
I note that providers such as Cloudfare / ClouDNS still give examples requiring two entries as per the 9.11.1 output.
Question:
Should my DSSET File using the current version of ISC Bind contain One or Two entries?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200727/ae03944c/attachment.html>
More information about the dns-operations
mailing list