Re: A few conceptual question about dnssec.

2012-03-03 Thread Mark Andrews
In message , Kevin Oberman writes: > On Fri, Mar 2, 2012 at 11:17 PM, dE . wrote: > > On 02/18/12 00:36, Gaurav kansal wrote: > > > > > > > > > > > > Firstly, where do we get the public key for the DS records? > > > > Can you clarify your question??? > > > > > > > > Second, why do I get multiple

Re: A few conceptual question about dnssec.

2012-03-03 Thread Kevin Oberman
On Fri, Mar 2, 2012 at 11:17 PM, dE . wrote: > On 02/18/12 00:36, Gaurav kansal wrote: > > > > > > Firstly, where do we get the public key for the DS records? > > Can you clarify your question??? > > > > Second, why do I get multiple DS records as response? – > > You will always get 2 DS Records

Re: A few conceptual question about dnssec.

2012-03-02 Thread dE .
On 03/03/12 12:47, dE . wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? -- You will always get 2 DS Records in response. One for SHA-1 and se

Re: A few conceptual question about dnssec.

2012-03-02 Thread dE .
On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? -- You will always get 2 DS Records in response. One for SHA-1 and second for SHA-256. I was read

Re: A few conceptual question about dnssec.

2012-02-20 Thread Tony Finch
dE . wrote: > > Ok, so the DS record is not encrypted. DNSSEC is about signatures: nothing is encrypted. DS records are signed: a DS RRset has an RRSIG. For example, ; <<>> DiG 9.8.1-P1 <<>> +multi +dnssec DS isc.org ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: N

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 22:55, Jeremy C. Reed wrote: I started writing a book introducing DNSSEC a few years ago. Would you like to read a draft of it? Book on DNSSEC? Ok. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe

Re: A few conceptual question about dnssec.

2012-02-18 Thread Phil Mayers
On 02/18/2012 04:35 PM, dE . wrote: On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? The DS record is a signature, right? Wrong. You're asking a lot of basic questions here. Maybe you could go off and

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 22:14, Axel Rau wrote: On 18.02.2012 at 17:35, dE . wrote: The DS record is a signature, right? No, it's the hash of a DNSKEY (KSK) in the child zone. The DS is signed with an RRSIG. Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius Thanks for the clari

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 02:41, Tony Finch wrote: dE . wrote: Firstly, where do we get the public key for the DS records? A zone's DNSKEY RRset contains its public keys, and these are hashed to make its DS records. For example, $ dig +nottl +noall +answer DS isc.org | perl -pe 's/\s+(?!$)/ /g' isc.org. I

Re: A few conceptual question about dnssec.

2012-02-18 Thread Axel Rau
On 18.02.2012 at 17:35, dE . wrote: > The DS record is a signature, right? No, it's the hash of a DNSKEY (KSK) in the child zone. The DS is signed with an RRSIG. Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

Re: A few conceptual question about dnssec.

2012-02-18 Thread dE .
On 02/18/12 00:36, Gaurav kansal wrote: Firstly, where do we get the public key for the DS records? Can you clarify your question??? The DS record is a signature, right? It has to be decrypted using a public key and the decrypted hash has to be compared to the DNSKEY's hash. So what I'm a

Re: A few conceptual question about dnssec.

2012-02-17 Thread Tony Finch
dE . wrote: > Firstly, where do we get the public key for the DS records? A zone's DNSKEY RRset contains its public keys, and these are hashed to make its DS records. For example, $ dig +nottl +noall +answer DS isc.org | perl -pe 's/\s+(?!$)/ /g' isc.org. IN DS 12892 5 1 982113D08B4C6A1D9F6AEE1

RE: A few conceptual question about dnssec.

2012-02-17 Thread Gaurav kansal
-Original Message- From: bind-users-bounces+gaurav.kansal=nic...@lists.isc.org [mailto:bind-users-bounces+gaurav.kansal=nic...@lists.isc.org] On Behalf Of Miek Gieben Sent: Saturday, February 18, 2012 12:42 AM To: bind-users@lists.isc.org Subject: Re: A few conceptual question

Re: A few conceptual question about dnssec.

2012-02-17 Thread Miek Gieben
[ Quoting at 00:36 on Feb 18 in "RE: A few conceptual..." ] > Firstly, where do we get the public key for the DS records? > > Can you clarify your question??? > > > > Second, why do I get multiple DS records as response? – > > You will always get 2 DS Records in response. One for SHA-1 and

RE: A few conceptual question about dnssec.

2012-02-17 Thread Gaurav kansal
Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? - You will always get 2 DS Records in response. One for SHA-1 and second for SHA-256. _ dig +dnssec -t DS isc.org @b0.org.afilia

A few conceptual question about dnssec.

2012-02-17 Thread dE .
Firstly, where do we get the public key for the DS records? Second, why do I get multiple DS records as response? -- dig +dnssec -t DS isc.org @b0.org.afilias-nst.org. ; <<>> DiG 9.8.1 <<>> +dnssec -t DS isc.org @b0.org.afi