On 10-08-2021 15:51, Tim Daneliuk via bind-users wrote:
On 8/10/21 7:51 AM, Matthijs Mekking wrote:
Hi Klaus,
On 10-08-2021 13:38, Klaus Darilion wrote:
Hi Matthijs!
We would like to encourage you to change your configurations to
'dnssec-policy'. See this KB article for migration help:
https://kb.isc.org/docs/dnssec-key-and-signing-policy
Some comments to this KB article and dnssec-policy:
- The article should mention how to retrieve the DS record from
Bind.
So just to be sure I'm doing the right thing, I've added this to my
options stanza:
dnssec-policy "default";
Then restarted named and now all the signing magic is taken care of for
me for all zones? (I was not previously using signing.)
Correct.
But you still need to manually submit the DS record to your
registrar/parent and if you see the DS published run:
rndc dnssec -checkds published <zone>.
TIA,
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
