Re: DS keys with 2 digest algorithms

2022-09-22 Thread frank picabia
PM Mark Elkins wrote: > Just remove the type-1 digest from the domain registrar. > > In the future - only upload type-2 version. > On 2022/09/20 20:32, frank picabia wrote: > > > The algorithm migration I made to 8 has worked well. > Getting green lights on DNSSEC che

DS keys with 2 digest algorithms

2022-09-20 Thread frank picabia
The algorithm migration I made to 8 has worked well. Getting green lights on DNSSEC checkers, etc. The only odd bit is some warnings at DNSVIS.NET about DS records using digest algorithm 1. DNSSEC specification prohibits signing with DS records that use digest algorithm 1 (SHA-1). Somehow the

Re: What action to take first with DS algorithm migration?

2022-09-14 Thread frank picabia
That's a good resource. Thanks, Hugo. On Wed, Sep 14, 2022 at 1:40 PM Hugo Salgado wrote: > On 11:23 14/09, frank picabia wrote: > > Hi, > > > > I'm at the point in DNSSEC algorithm migration > > where I have two types of keys involved in signing. > >

What action to take first with DS algorithm migration?

2022-09-14 Thread frank picabia
Hi, I'm at the point in DNSSEC algorithm migration where I have two types of keys involved in signing. Both algorithm 7 and 8 are in use. The top level domain registrar also has DS keys set up for both 7 and 8. I need to coordinate pulling out algorithm 7 with the domain registrar so our domain

Re: Only one DS key comes back in query

2022-05-19 Thread frank picabia
he actual real names. You don’t > go to your mechanic with a different car when you have a problem with your > car. Using ‘example’ is like doing that. > > Mark > > > > On 17 May 2022, at 04:41, frank picabia wrote: > > > > I've been using open source for decades.

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
in, Bert > Hubert was exactly right here: > > https://berthub.eu/articles/posts/anonymous-help/ > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
Perhaps you are unaware of the use of this domain as a generic filler. https://example.com/ I don't know why so many people assume the DNS information will be openly shared. Suppose I was working on a problem for Barclays Bank, do you suppose they would be thrilled with me posting their

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
to do. Using one of the other approaches with dnssec-dsfromkey is needed. The values in dsset file begin the same but it's different. On Mon, May 16, 2022 at 11:37 AM frank picabia wrote: > > That's helpful. Very similar to what I found a minute ago on > > https://blog.apnic.net/20

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
lhost example.com. DNSKEY | egrep "IN\sDNSKEY\s257" | > dnssec-dsfromkey -f - example.com. > > Daniel > > > On 16.05.22 16:01, frank picabia wrote: > > Let's put it another way: > > > > Using tools like host or dig, can I look up my DS without it talki

Re: Only one DS key comes back in query

2022-05-16 Thread frank picabia
wrote: > On 16/05/2022 15:07, frank picabia wrote: > > Hi Frank, > > > I have dsset-example.com showing two DS keys with algorithm 8. > > I included both .key files in my DNS. Only digest 1 comes back > > in a dig query. > > > > I use dnssec-signzone tool

Only one DS key comes back in query

2022-05-16 Thread frank picabia
I have dsset-example.com showing two DS keys with algorithm 8. I included both .key files in my DNS. Only digest 1 comes back in a dig query. I use dnssec-signzone tool to sign the zone file. The domain registrar says there is a problem with the digest 2 value. It's copied directly from the

Re: Transitioning to new algorithm for DNSSEC

2022-05-05 Thread frank picabia
On Thu, May 5, 2022 at 3:48 PM Tony Finch wrote: > frank picabia wrote: > > On Thu, May 5, 2022 at 1:46 PM wrote: > > > > > > Tony wrote a nice article about that: > > > https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html > > > > Thanks

Re: Transitioning to new algorithm for DNSSEC

2022-05-05 Thread frank picabia
On Thu, May 5, 2022 at 1:46 PM wrote: > Hi, > > On 5/5/22 6:37 PM, frank picabia wrote: > > > > Hi, > > > > I've been running a Bind set up with DNSSEC for many years. > > It was done following the guide at the digitalocean site. > > > > What

Transitioning to new algorithm for DNSSEC

2022-05-05 Thread frank picabia
Hi, I've been running a Bind set up with DNSSEC for many years. It was done following the guide at the digitalocean site. What I don't find in a nice guide, is how to change your algorithm to a more current one, and seamlessly make your domain run under this new chain of data. I tried it on my