[Opendnssec-user] Publish keys with domanhanteraren
Mattias Andersson
mattias at nonetwork.se
Wed Aug 12 11:03:58 UTC 2009
Thank you for the explanation Rickard.
A follow up question then.
Is there some way I can configure opendnssec to use key algo 5 instead
of 7 since domanhanteraren does not seam to understand this at the moment?
/Mattias
Rickard Bondesson skrev:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>
>> [...]
>>
>>> And dnscheck gives:
>>>
>>>
>> http://dnscheck.iis.se/?time=1250071868&id=233758&view=advanced&test=s
>>
>>> tandard
>>>
>>>
>>> I'm not sure how to interpret this but it seames to me the zone is
>>> still signed with nsec3 which is not supported?
>>> It this right or is there something else that is wrong?
>>> Please advise and how do I see this for sure, could some
>>>
>> one educate me?
>> You are right in that NSEC3 is not supported at the
>> Domänhanteraren nor the dnscheck.iis.se - although this has
>> been fixed in both you will have to wait until our operations
>> team do its September release.
>>
>
> Mattias is using NSEC but with key algo 7, which is an alias for 5. So you could sign a zone with key algo 7 but still use NSEC and not NSEC3.
>
> // Rickard
> -----BEGIN PGP SIGNATURE-----
> Version: 9.8.3 (Build 4028)
> Charset: utf-8
>
> wsBVAwUBSoKd9eCjgaNTdVjaAQjWSAf9GWKDWunQBNyAVVEe2TXH7yfnAwXJwc6+
> +QDo1LVrSiqNXneRCG/qg6xX/OlAjJ3lu6F4ANqLbtmuADeoMi2QcLcd4LMYZzGm
> 4j9bl7dHitNjfTZzKVqTFzkUKpoqvjSI9NEbgsi6rfj/yKtJuqC5XF7DBi687ew8
> qSTpdiD2xPHB8sm4BwQMxPXWI8KZ0ZzR3XYCqsCf3hfH/Tbz6tu2qyGsO+SJgKOv
> xyIB0DsAWAltMV1mayBjFWxYSLF23PZB1fOIzr12DO3tyScPlrrurawRHuP0MfdN
> bQiIfzJ8QoEoD4Y6CxiiOxM2dvZl0xYYgXQ7g1b9PcIyqC1RzxiBHw==
> =YPQG
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
More information about the Opendnssec-user
mailing list