Is there a tool/process to verify if the parenet domain has DSSET, KEYSET, or keys in place for the child domain? Thanks.
--- On Thu, 1/28/10, Florian Weimer <[email protected]> wrote: > From: Florian Weimer <[email protected]> > Subject: Re: DNSSEC DSSET & KEYSET > To: "[email protected]" <[email protected]> > Cc: [email protected] > Date: Thursday, January 28, 2010, 10:17 AM > * prock: > > > In a DNSSEC compliant world (I know we're not there > yet) we need to > > give a copy of our DSSET and KEYSET to our parent > domain. Please > > confirm that is an accurate statement. > > Parent zone policies vary. Some require DS RRs, some > DNSKEY RRs. > Demanding DNSKEY RRs can prolong the life of signature > schemes with > certain weaknesses (which might be helpful at some point in > the > future). > > -- > Florian Weimer > <[email protected]> > BFK edv-consulting GmbH http://www.bfk.de/ > Kriegsstraße 100 > tel: +49-721-96201-1 > D-76133 Karlsruhe > fax: +49-721-96201-99 > _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
