DNSSEC - First Signature

Posted by Arancha on Server Fault See other posts from Server Fault or by Arancha
Published on 2010-11-29T14:04:31Z Indexed on 2011/02/19 23:26 UTC
Read the original article Hit count: 258

Filed under:

keys

|

dnssec

I'm testing DNSSEC with Bind 9.7.2-P2. I have a question regarding the first signature created over a zone that already exists. I'm using dynamic DNS.

I create the first two keys: one KSK and one ZSK. According to https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-key-timing/, the first ZSK needs to be published for an interval equal to Ipub, before it can be active.

I create the ZSK with a Publication date previous to its Activation date. I restart the service and I can see that the key is published at Publication date, but it's no active later, when Activation date arrives.

This is the configuration of the zone dnssec.es at the named.conf file:

zone "dnssec.es" {
  auto-dnssec maintain;
  update-policy local;
  sig-validity-interval 1;
  key-directory "dnssec/keys_dnssec";
  type master;
  file "dnssec/db.dnssec.es";
};

Any clue??

Regards

© Server Fault or respective owner

Related posts about keys

F3-F5 keys incorrectly behaving as audio keys

as seen on Super User - Search for 'Super User'
I don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I… >>> More
Rejuvenated: Script Creates and Drops for Candidate Keys and Referencing Foreign Keys

as seen on SQL Blog - Search for 'SQL Blog'
Once upon a time it was 2004, and I wrote what I have to say was a pretty cool little script . (Yes, I know the post is dated 2006, but that's because I dropped the ball and failed to back-date the posts when I moved them over here from my prior blog space.) The impetus for creating this script was… >>> More
Fix Firefox Not Scrolling with Up/Down Arrow Keys or Home/End Keys

as seen on How to geek - Search for 'How to geek'
If you’ve encountered a problem where your Firefox installation no longer scrolls when you use the up or down arrow keys, and even the Home or End keys don’t work anymore, there’s an easy fix. When this problem happens, you’ll notice that moving the arrow keys around just… >>> More
Entity Framework and multi-tenancy database design

as seen on Stack Overflow - Search for 'Stack Overflow'
I am looking at multi-tenancy database schema design for an SaaS concept. It will be ASP.NET MVC - EF, but that isn't so important. Below you can see an example database schema (the Tenant being the Company). The CompanyId is replicated throughout the schema and the primary key has been placed on… >>> More
Update multiple rows with known keys without inserting new rows if nonexistent keys are found

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, Let's imagine that we have table items... table: items item_id INT PRIMARY AUTO_INCREMENT title VARCHAR(255) views INT Let's imagine that it is filled with something like (1, item-1, 10), (2, item-2, 10), (3, item-3, 15) I want to make multi update view for this items from data taken… >>> More

Related posts about dnssec

DNSSEC - Ad Flag not activated

as seen on Server Fault - Search for 'Server Fault'
Hi all, I have some doubts regarding DNSSEC. I have one server acting as an Authoritative Name Server and another one as a Cache/Resolver. I'm using Bind 9.7.1-P2 and these are my configuration files: Named.conf (Authoritative Server) // Opciones de configuracion del servidor include "/etc/rndc… >>> More
How to find domain registrar and DNS hosting with good DNSSEC support?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
Simplified problem I want to buy a domain and make a website that is fully secured with DNSSEC. Background I've been hearing about the insecurity of DNS for years. I've watched all of the talks by Dan Kaminsky and others from DNS exploits to The future of DNS Security Panel. I knew that using DNS… >>> More
DNSCurve vs DNSSEC

as seen on Server Fault - Search for 'Server Fault'
Can someone informed, please give a lengthy reply about the differences and advantages/disadvantages of both approaches? I am not a DNS expert, not a programmer. I have a decent basic understanding of DNS, and enough knowledge to understand how things like the kaminsky bug work. From what I understand… >>> More
DNSSEC - What doesn't it cover?

as seen on Server Fault - Search for 'Server Fault'
I'm currently revising for an exam to do with DNS/DNSSEC. While I know DNSSEC provides various security enhancements for DNS, I would like to dive a bit deeper(for my own thirst for knowledge!) and would like to know what is still problematic security wise even after DNSSEC is employed? After all… >>> More
Debian DNSSEC - howto secure a domain?

as seen on Server Fault - Search for 'Server Fault'
I have a beginner question about DNSSEC. I have much experience with TLS and cryptography-stuff and would like to try out this new technology. I have googled very much about this but I haven't found useful information for me. I think one confusion in information gathering is that "Debian howto DNSSEC… >>> More