Dan Egli <d...@newideatest.site> wrote:
>
> Where do I get the DS record, since i'm using bind's inline signing?
Use the dnssec-dsfromkey tool, e.g. from a key file (make sure it's the
KSK file)
$ grep This Kcam.ac.uk.+013+32840.key
; This is a key-signing key, keyid 32840, for cam.ac.uk.
$ dnssec-dsfromkey -2 Kcam.ac.uk.+013+32840.key
cam.ac.uk. IN DS 32840 13 2
2BDAF21907420CE792AF02B55071953BC2BDB64B5126710E12AF89F711322B85
or from your DNSKEY RRset (safest to run this on your primary to be sure
the keys aren't mangled)
$ dig cam.ac.uk dnskey | dnssec-dsfromkey -2 -f - cam.ac.uk
cam.ac.uk. IN DS 32840 13 2
2BDAF21907420CE792AF02B55071953BC2BDB64B5126710E12AF89F711322B85
Tony.
--
f.anthony.n.finch <d...@dotat.at> https://dotat.at/
Berwick upon Tweed to Whitby: South backing southeast, 3 to 5,
occasionally 6 at first. Slight or moderate becoming slight. Showers,
perhaps thundery later. Good occasionally moderate later.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
