DSSET File Entries

Mike Peters mikep_aus at yahoo.com
Mon Jul 27 02:30:19 UTC 2020

When I last looked at DNSSEC I was using ISC Bind 9.11.1

The dnssec-signzone command produced the expected


File with two entries e.g.
  example.com.    IN DS 16293 7 1 173543F8153BBCDF9B7A0E127A1E76A10A489748
  example.com.    IN DS 16293 7 2 01F3E27E9DE840A99D81DE9BA26272FDEB9F1C40AA0CB8FACF31A5CA 56742F94

Signing the same zone file now using ISC Bind 9.16.5 I see only one entry e.g.

  example.com.    IN DS 63741 7 2 DA0B7F5FB60F1FC49A35C8DEC5CDD47185A9CAB5371C0C42B249F4B5 900E11BC

I note that providers such as Cloudfare / ClouDNS still give examples requiring two entries as per the 9.11.1 output.


Should my DSSET File using the current version of ISC Bind contain One or Two entries?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200727/ae03944c/attachment.html>

More information about the dns-operations mailing list