Hi Tony!
Am 06.07.2021 um 18:00 schrieb Tony Finch:
Klaus Darilion wrote:
dig ... axfr | grep RRSIG | grep $KEYID
This worked fine for long time but when having keys with the same keyid this
obviously does not work anymore.
If it is one of your zones then your key management software sh
Klaus Darilion writes:
> Are there any tools (bash, php ...) which accepts single
> RRSIG RR and single DNSKEY RR and does the validation?
dnsviz can be run on the command line for pre-delegation testing,
using staged DNSSEC data as necessary.
https://github.com/dnsviz/dnsviz
https://indico.dns
Klaus Darilion wrote:
>
> dig ... axfr | grep RRSIG | grep $KEYID
>
> This worked fine for long time but when having keys with the same keyid this
> obviously does not work anymore.
If it is one of your zones then your key management software should ensure
that all the key IDs are different, i.
Hi all!
In my DNSSEC key rollover processes, before deleting a key and when
activating a key, I check if the signed zone contains signatures from
the respective key. Up to know this was more or less:
dig ... axfr | grep RRSIG | grep $KEYID
This worked fine for long time but when having key
