[nsd-users] DNSSEC KSK Rollover
Paul Wouters
paul at nohats.ca
Thu Apr 9 23:32:49 UTC 2015
On Thu, 9 Apr 2015, Michael A. Peters wrote:
> I have been trying to figure out how to get dig or another utility to check
> whether or not the DS information from the new key has been uploaded to the
> registrar but I'm at a loss.
>
> Anyone know how to check whether or not the DS information from a given key
> is live and in the DNS system?
[root at ns0 nsd]# grep DNSKEY /var/opendnssec/signed/nohats.ca |grep 257 >/tmp/mykey
[root at ns0 nsd]# ldns-key2ds /tmp/mykey
Knohats.ca.+008+01321
[root at ns0 nsd]# cat Knohats.ca.+008+01321.ds
nohats.ca. 3600 IN DS 1321 8 2 b7890a1e7b4ce1d671795d5fd46a71f229c58025587bec4eeb70ccda9233011c
[root at ns0 nsd]# dig +short ds nohats.ca
1321 8 2 B7890A1E7B4CE1D671795D5FD46A71F229C58025587BEC4EEB70CCDA 9233011C
Someone should fix ldns-key2ds to take stdin :)
Paul
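
The comparison done by eye in the session above (ldns-key2ds output against `dig +short ds`), written out as an added Python example that is not part of the original post. It goes one step further and also derives the DS (key tag and SHA-256 digest, RFC 4034) from a DNSKEY line. All function names are hypothetical, the two DS strings are the ones shown in the post, the DNSKEY is a constructed sample rather than a real key, and the first field of the DNSKEY line is assumed to be the owner name.

```python
import base64, hashlib

# DS lines as shown in the post; the DNSKEY below is constructed, not a real key.
PAGE_LOCAL_DS = "nohats.ca. 3600 IN DS 1321 8 2 b7890a1e7b4ce1d671795d5fd46a71f229c58025587bec4eeb70ccda9233011c"
PAGE_DIG_ANSWER = "1321 8 2 B7890A1E7B4CE1D671795D5FD46A71F229C58025587BEC4EEB70CCDA 9233011C"
SAMPLE_DNSKEY = "example. 3600 IN DNSKEY 257 3 8 AQAB ; constructed sample"

def name_to_wire(name):
    """Canonical (lowercased) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def parse_dnskey(line):
    """Split a zone-file DNSKEY line into (owner, RDATA bytes); drops ';' comments."""
    fields = line.split(";")[0].split()
    i = fields.index("DNSKEY")
    flags, proto, alg = (int(x) for x in fields[i + 1:i + 4])
    pubkey = base64.b64decode("".join(fields[i + 4:]))
    return fields[0], flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (even offsets are the high byte)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(line):
    """(key tag, algorithm, digest type 2, hex digest) for a DNSKEY line."""
    owner, rdata = parse_dnskey(line)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def parse_ds(text):
    """Normalize one DS record, zone-file form or one line of `dig +short`."""
    fields = text.split()
    if "DS" in fields:                      # zone form: skip owner/TTL/class/type
        fields = fields[fields.index("DS") + 1:]
    tag, alg, dtype = (int(x) for x in fields[:3])
    return (tag, alg, dtype, "".join(fields[3:]).lower())  # dig splits and upcases the digest

def ds_is_published(local_ds, parent_answer):
    """True if the local DS (string or tuple) is among the parent's DS answers."""
    want = parse_ds(local_ds) if isinstance(local_ds, str) else local_ds
    return any(parse_ds(l) == want for l in parent_answer.splitlines() if l.strip())

if __name__ == "__main__":
    print("DS from post published:", ds_is_published(PAGE_LOCAL_DS, PAGE_DIG_ANSWER))
    print("DS for constructed key:", ds_from_dnskey(SAMPLE_DNSKEY))
```

During a rollover the parent may return several DS records; `ds_is_published` expects one record per line, as `dig +short` prints them.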