On Thu, Jan 28, 2010 at 03:42:11PM +0000, Evan Hunt wrote: > > > Is there a tool/process to verify if the parenet domain has DSSET, > > KEYSET, or keys in place for the child domain? Thanks. > > "dig ds <yourdomain>", and check that a) DS records are returned, and > B) the first field of at least some of the DS records match the key ID of > the key-signing key for your zone. For example, isc.org is using key 12892:
Apologies if I'm missing something, but wouldn't this read the DS records off the domain's own name servers, rather than the parent's? Shouldn't there be an additional @parent.name.server argument? Thanks. -- /*********************************************************************\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*********************************************************************/ _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
