Hi, After enabling DNSEC for a zone, wich key should i setup/configure on the registrar database ?
When i do a < pdnsutil show-zone myzone.com > we have many keys. See sample below : pdnsutil show-zone myzone.com >This is a Native zone >Metadata items: > API-RECTIFY 1 > SOA-EDIT-API DEFAULT >Zone has NSEC semantics >keys: >ID = 1 (CSK), flags = 257, tag = 58353, algo = 13, bits = 256 Active ( >ECDSAP256SHA256 ) >CSK DNSKEY = myzone.com. IN DNSKEY 257 3 13 wwwwwwwwwwwwwwwww== ; ( >ECDSAP256SHA256 ) >DS = myzone.com. IN DS 58353 13 1 xxxxxxxxxxxxx ; ( SHA1 digest ) >DS = myzone.com. IN DS 58353 13 2 yyyyyyyyyyyyyyyyyyy ; ( SHA256 digest ) >DS = myzone.com. IN DS 58353 13 4 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz ; ( >SHA-384 digest ) Should i copy/paste the key DNSKEY (ECDSAP256SHA256) or one of the three DS (SHA1 digest, SHA256 digest, SHA-384 digest) ? Thanks for the help. David REYNAUD
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
