On 8/10/21 7:32 PM, raf via bind-users wrote: > To get the DS record information to convey to the > registrar, after starting to use the default policy. > look for the CDS record (the child version of the DS > record) with dig: > > dig CDS EXAMPLE.ORG > > For the default policy, you'll only have to do this > once (or until your server gets compromised and you > start again). But until you've done this, it's not > done. The trust chain has to go all the way to the > root, so you need the involvement of your registrar > (to get your DS published and signed).
That's quite helpful, thanks, but still unclear about one thing. When I run the dig command above I do get a result back with a "COOKIE" value in the response. This value changes each time I run the dig. Is any one of these the "DS record" I want to convey to my registrar? Other than this I see nothing that resembles a relevant response AND the COOKIE field does not show up if I do the dig from outside the zone. -- ---------------------------------------------------------------------------- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users