Hi Tim,
On 11-08-2021 04:19, Tim Daneliuk via bind-users wrote:
On 8/10/21 7:32 PM, raf via bind-users wrote:
To get the DS record information to convey to the
registrar, after starting to use the default policy.
look for the CDS record (the child version of the DS
record) with dig:
dig CDS EXAMPLE.ORG
For the default policy, you'll only have to do this
once (or until your server gets compromised and you
start again). But until you've done this, it's not
done. The trust chain has to go all the way to the
root, so you need the involvement of your registrar
(to get your DS published and signed).
That's quite helpful, thanks, but still unclear about one
thing. When I run the dig command above I do get a result
back with a "COOKIE" value in the response. This value
changes each time I run the dig. Is any one of these the
"DS record" I want to convey to my registrar?
Other than this I see nothing that resembles a relevant response AND
the COOKIE field does not show up if I do the dig from outside the zone.
Cookies are a different thing, unrelated to DNSSEC:
https://datatracker.ietf.org/doc/html/rfc7873
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
