as I now know what key DS uses. I logged into my account and I moved isc dlv record SHA1 DS, and I thought to receive a new record or something like that.
well no reply from the ISC is : A corresponding DNSKEY already exists for this record. All comments are welcome to help me find a solution nb : I publish on my blog a little article on dnssec http://fakessh.eu/2011/02/16/faire-marcher-dnssec-sur-son-serveur/ Le mardi 01 mars 2011 à 21:00 +0100, Torinthiel a écrit : > On 03/01/11 20:17, fakessh @ wrote: > > > is the repeat isc dlv seems to accept the flag DS > > in my case i have to a file dsset-fakessh.eu > > but the file contains two keys DS and i don't know which to use > > The DS you have are both for the same key, only one is SHA1 and other > SHA256. You could try any of them, but see below. > > ISC DLV accepts keys, you have to create an account, add your zone and > keys for it. I remember having some trouble trying to add DS records, > but DNSKEY worked fine. Of course the zone has to be signed using that > key, and ISC asks you to add a TXT record at dlv.your.zone (or something > similar) to prove your ability to modify the zone. > The procedure is simple and well defined. > > And about OVH - I don't know if it's related, but I've asked Polish OVH > how about providing DNSSEC, as .pl is planned to be signed mid-year, and > they've answered me they will probably be ready. This might, or might > not be related to providing DNSSEC by other OVH branches and for other > registries. > > Torinthiel > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- gpg --keyserver pgp.mit.edu --recv-key 092164A7 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
signature.asc
Description: Ceci est une partie de message numériquement signée
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
