Hi, I have questions about how to configure the DNS with an NS delegation record once it's signed.

My DNS server is the parent zone, for example, "testing.net", and is signed with DNSSEC. My zone configuration is as follows:

$TTL 36000
$INCLUDE /var/named9/dnssec-testing/Ktesting.net..+007+32934.key ; key signing key
$INCLUDE /var/named9/dnssec-testing/Ktesting.net.+007+46725.key ; zone signing key
$INCLUDE /var/named9/dnssec-testing/Ktesting.net.+007+32367.key ; pre-published zone signing key
@ IN SOA dns1.testing.net. root.testing.net. (2011031200 3600 600 1209600 14400)
Testing.net. IN NS dns1.testing.net.
Testing.net. IN NS dns2.testing.net.
www IN A 168.168.168.168
access IN NS sub1.testing.net.

As of right now, "sub1.testing.net" isn't DNSSEC compliant yet. We want sub1.testing.net to be DNSSEC aware.

My question is, do we (as parent of the testing.net zone) need to generate the key (KSK) and zone key (ZSK) for "sub1.testing.net", or will the "sub1.testing.net" server need to do that? If they generate the keys to sign all the records in their server, do they need to send us their key files? How do we (as parent) include those keys in our zone file?

Thanks,
Linh Khuu