Thank you! I have now corrected our ancient internal wiki so we now have learned how it goes Very much appreciate your patience and help, now I can start my weekend :->
On Sat, May 1, 2021 at 10:31 PM Tony Finch <d...@dotat.at> wrote: > Edwardo Garcia <wdgar...@gmail.com> wrote: > > > > So you mean to say when it print out > > > > IN DS 45701 13 1 5422E9... > > IN DS 45701 13 2 qwertyE9... > > > > we never needed 45701 13 1 5422E9 only 45701 13 2 qwertyE9 ? > > Exactly, yes! > > > and we only need run > > > > dig @ns0 dnskey guiltyparty.net | dnssec-dsfromkey -2 -f - > guiltyparty.net > > > > and enter in just that one entry? 45701 13 2 qwertyE to the DS in > domain > > reg? > > Correct! > > > and we have been upload both all this years was wrong ? > > Well, not wrong, but unnecessary. The tools generally encouraged everyone > to publish both SHA1 and SHA2 DS records even though just SHA2 has been > enough for more than 10 years and SHA1 has had known weaknesses for even > longer. > > > hrmm, now I start to understand why not many use DNSSEC so confusing to > > those who not do this every day, or so many instructions around nobody > > knows what works > > > > But we getting there :-> > > Yes, slowly... > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> https://dotat.at/ > Shannon, Rockall: Variable 4 or less, becoming southwest 3 to 5 later. > Slight, occasionally moderate in Rockall and at first in Shannon. > Showers. Good. > >
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
