20 Led
2017
20 Led
'17
12:26
Thank you very much every one for help!
This is the magic command, which I could not find.
For Anand: I need it for child zone delegation, like: gov.liberland.cz
Now it works: http://dnssec-debugger.verisignlabs.com/gov.liberland.cz
Thank you again, regards
Jakub
Dne 19.1.2017 v 22:16 daniel.salzman(a)nic.cz napsal(a):
Hello Jakub,
You can use dnssec-dsfromkey command from Bind utils:
echo "liberland.cz. 3600 DNSKEY 257 3 13
ei9T3egqng+nlAHeNfF6BzggGCyvS2lU5ih2BZuvkzFGxkBdUJ0blgSiW5iYIROvAEHQv5Ls3sNPA9JIt8iRjg=="
./key.txt
dnssec-dsfromkey -f ./key.txt
liberland.cz
Or some online converter (e.g. filippo.io/dnskey-to-ds).
Daniel
On 2017-01-19 21:08, Jakub Andrys wrote:
> Hi,
> can someone please give me any explanation (or command) how my domain
> registrator got from this record what i give him:
> liberland.cz. 3600 DNSKEY 257 3 13
>
ei9T3egqng+nlAHeNfF6BzggGCyvS2lU5ih2BZuvkzFGxkBdUJ0blgSiW5iYIROvAEHQv5Ls3sNPA9JIt8iRjg==
>
>
> this record:
> liberland.cz. 17999 IN DS 21107 13 2
> 9405F3324FDCE3F0CC4E5D94CBFB5D8A4F211E3010D447B5FD73765F9EEC20EB
> ???
>
> I want sign child zones but I can't find where i get hash
> ,,9405F3324FDCE3F0CC4E5D94CBFB5D8A4F211E3010D447B5FD73765F9EEC20EB"
>
> And algorithm in RFC:
> https://tools.ietf.org/html/rfc4034#section-5.4
>
> digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
> "|" denotes concatenation
> DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
>
> doesn't help me :-/
>
> Thanks and regards,
> Jakub
> _______________________________________________
> knot-dns-users mailing list
> knot-dns-users(a)lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users