[Pdns-users] DNSSEC, wich key for the registrar
David REYNAUD
david at w3line.fr
Tue Mar 12 17:37:32 UTC 2019
Hi,
After enabling DNSEC for a zone, wich key should i setup/configure on the registrar database ?
When i do a < pdnsutil show-zone myzone.com > we have many keys. See sample below :
pdnsutil show-zone myzone.com
>This is a Native zone
>Metadata items:
> API-RECTIFY 1
> SOA-EDIT-API DEFAULT
>Zone has NSEC semantics
>keys:
>ID = 1 (CSK), flags = 257, tag = 58353, algo = 13, bits = 256 Active ( ECDSAP256SHA256 )
>CSK DNSKEY = myzone.com. IN DNSKEY 257 3 13 wwwwwwwwwwwwwwwww== ; ( ECDSAP256SHA256 )
>DS = myzone.com. IN DS 58353 13 1 xxxxxxxxxxxxx ; ( SHA1 digest )
>DS = myzone.com. IN DS 58353 13 2 yyyyyyyyyyyyyyyyyyy ; ( SHA256 digest )
>DS = myzone.com. IN DS 58353 13 4 zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz ; ( SHA-384 digest )
Should i copy/paste the key DNSKEY (ECDSAP256SHA256) or one of the three DS (SHA1 digest, SHA256 digest, SHA-384 digest) ?
Thanks for the help.
David REYNAUD
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20190312/6050475e/attachment-0001.html>
More information about the Pdns-users
mailing list