Re: DS digest type(s)

Thu, 17 Oct 2024 00:46:24 -0700 

Thanks,


now that I know what to look for, I found the docs for it.
Maybe worth mentioning that /cds-digest-types/ is not available in 9.18.x, as it has been introduced in 9.19.11. 



   Danilo



On 16. 10. 24 23:24, Mark Andrews wrote:



On 16 Oct 2024, at 23:00, Danilo Godec via bind-users<bind-users@lists.isc.org> 
wrote:

Hi,


I've been doing some more reading into DNSSEC and if I understand correctly, it 
is allowed to have multiple DS records for one KSK - with different digest 
types. Apparently, SHA-1 is deprecated and shouldn't be used anymore, while 
SHA-256 is mandatory and has to exist.

That leaves SHA-384, which is optional and I can generate manually with 
'dnssec-dsfromkey'. Since I have to ask my registrar to add DS records to 
parent zones (.eu in this case), I can just send them both records, right?


Is it also possible to have dnssec-policy to generate both digest types as CDS 
records?

        cds-digest-types { "sha-256"; "sha-384"; };


     Regards,

     Danilo


--
Visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this 
list

ISC funds the development of this software with paid support subscriptions. 
Contact us athttps://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




Lep pozdrav / Best regards,
--
Danilo Godec | Sistemska podpora / System Administration
AGENDA d.o.o. | Ul. Pohorskega bataljona 49, Sl-2000 Maribor
E: danilo.go...@agenda.si | T: +386 (0)2 421 61 31
Agenda OpenSystems <https://www.agenda.si/> | Največji slovenski odprtokodni integrator Red Hat v Sloveniji <http://www.redhat.si/> | Red Hat Premier Business Partner 
ElasticBox <http://elasticbox.eu/> | Poslovne rešitve v oblaku
Agenda d.o.o. <https://www.agenda.si/>
Izjava o omejitvi odgovornosti / Legal disclaimer statement <https://www.agenda.si/index.php?id=228> 
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to