[Opendnssec-user] Publish keys with domanhanteraren

Rickard Bondesson rickard.bondesson at iis.se
Wed Aug 12 10:48:21 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [...]
> > And dnscheck gives:
> > 
> http://dnscheck.iis.se/?time=1250071868&id=233758&view=advanced&test=s
> > tandard
> >
> >
> > I'm not sure how to interpret this but it seames to me the zone is 
> > still signed with nsec3 which is not supported?
> > It this right or is there something else that is wrong?
> > Please advise and how do I see this for sure, could some 
> one educate me?
> You are right in that NSEC3 is not supported at the 
> Domänhanteraren nor the dnscheck.iis.se - although this has 
> been fixed in both you will have to wait until our operations 
> team do its September release.

Mattias is using NSEC but with key algo 7, which is an alias for 5. So you could sign a zone with key algo 7 but still use NSEC and not NSEC3.

// Rickard
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBSoKd9eCjgaNTdVjaAQjWSAf9GWKDWunQBNyAVVEe2TXH7yfnAwXJwc6+
+QDo1LVrSiqNXneRCG/qg6xX/OlAjJ3lu6F4ANqLbtmuADeoMi2QcLcd4LMYZzGm
4j9bl7dHitNjfTZzKVqTFzkUKpoqvjSI9NEbgsi6rfj/yKtJuqC5XF7DBi687ew8
qSTpdiD2xPHB8sm4BwQMxPXWI8KZ0ZzR3XYCqsCf3hfH/Tbz6tu2qyGsO+SJgKOv
xyIB0DsAWAltMV1mayBjFWxYSLF23PZB1fOIzr12DO3tyScPlrrurawRHuP0MfdN
bQiIfzJ8QoEoD4Y6CxiiOxM2dvZl0xYYgXQ7g1b9PcIyqC1RzxiBHw==
=YPQG
-----END PGP SIGNATURE-----



More information about the Opendnssec-user mailing list