Hi Siniša, On Mon, 24 Apr 2017 04:14:56 +0200 Siniša Burina <sbur...@gmail.com> wrote:
> After securing the zone, pdnsutil show-zone <domain.com> shows four DS > records with various digest > types. Which one should be published upstream, or should I publish all of > them? This depends on the registry of the TLD, some have specific demands for certain DS algorithms while others prefer to get the DNSKEY record and create their own DS records from that. If you can choose, algorithm 1 and 2 (SHA1 and SHA256) are accepted by all validators and 4 (SHA384) is nice to have as well. Hope this helps! Best regards, Pieter Lexis -- Pieter Lexis PowerDNS.COM BV -- https://www.powerdns.com _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
