On Fri, Jul 14, 2017 at 05:11:18PM -0500, /dev/rob0 wrote:
> > Does zbc.com (for example) need DS, or is just passed by the TLD?
>
> Zbc.com. is not a zone, it is a CNAME in the com. TLD. There would
> be no NS to delegate to, therefore no DS.
Actually it *is* a zone: the .com TLD delegates to
On Fri, Jul 14, 2017 at 04:41:07PM -0400, sami's strat wrote:
> What about the child zone? Do I need a DS record for the child
No, not in the delegated zone.
> zone as well? I see a good number of big DNS players in DNS (no
> names) that do have DS records in there zones.
Nothing will use it
What about the child zone? Do I need a DS record for the child zone as
well? I see a good number of big DNS players in DNS (no names) that do
have DS records in there zones.
Does zbc.com (for example) need DS, or is just passed by the TLD?
TIA
On Fri, Jul 14, 2017 at 5:20 AM, Steven Carr wro
On 14 July 2017 at 01:52, sami's strat wrote:
> However, the zone is missing the DS record, completely. That being said,
> what is the offset, or result? I don't see an AD flag when querying the
> zone. Other then that, are there any other ramifications?
Without the DS record in the parent the
The following zone is dnssec signed: ns2cloud.com
However, the zone is missing the DS record, completely. That being said,
what is the offset, or result? I don't see an AD flag when querying the
zone. Other then that, are there any other ramifications?
thanks in advance.
In message <4c67047a.3020...@jason.roysdon.net>, Jason Roysdon writes:
>
> On 08/14/2010 12:43 AM, Matthew Seaman wrote:
> > On 14/08/2010 02:08, Jason Roysdon wrote:
> >> The problem I have is that my zone is using an NSEC3 and when BIND's
> >> dnssec-signzone generates dsset files, it does so w
On 08/14/2010 12:43 AM, Matthew Seaman wrote:
> On 14/08/2010 02:08, Jason Roysdon wrote:
>> The problem I have is that my zone is using an NSEC3 and when BIND's
>> dnssec-signzone generates dsset files, it does so with algorithm 7. How
>> can I generate DS records with NSEC3 keys, for algorithm
I am working on getting my DS record added to the DOT-US zone with
Neustar. In doing so, I found out they have a limitation of only
supporting algorithm 3, which is DSA/SHA1, or algorithm 5, which is
RSA/SHA1:
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
They do n
8 matches
Mail list logo
