Re: [knot-dns-users] DS record digest

19 Led 2017

Hello Jakub,

You can use dnssec-dsfromkey command from Bind utils:

echo "liberland.cz. 3600 DNSKEY 257 3 13 
ei9T3egqng+nlAHeNfF6BzggGCyvS2lU5ih2BZuvkzFGxkBdUJ0blgSiW5iYIROvAEHQv5Ls3sNPA9JIt8iRjg=="

...
  ./key.txt dnssec-dsfromkey -f ./key.txt
liberland.cz

Or some online converter (e.g. filippo.io/dnskey-to-ds).

Daniel

On 2017-01-19 21:08, Jakub Andrys wrote:
...
  Hi,
 can someone please give me any explanation (or command) how my domain
 registrator got from this record what i give him:
 liberland.cz.           3600    DNSKEY  257 3 13
 ei9T3egqng+nlAHeNfF6BzggGCyvS2lU5ih2BZuvkzFGxkBdUJ0blgSiW5iYIROvAEHQv5Ls3sNPA9JIt8iRjg==

 this record:
 liberland.cz.           17999   IN      DS      21107 13 2
 9405F3324FDCE3F0CC4E5D94CBFB5D8A4F211E3010D447B5FD73765F9EEC20EB
 ???

 I want sign child zones but I can't find where i get hash
 ,,9405F3324FDCE3F0CC4E5D94CBFB5D8A4F211E3010D447B5FD73765F9EEC20EB"

 And algorithm in RFC:
 https://tools.ietf.org/html/rfc4034#section-5.4

 digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
 "|" denotes concatenation
 DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.

 doesn't help me :-/

 Thanks and regards,
 Jakub
 _______________________________________________
 knot-dns-users mailing list
 knot-dns-users(a)lists.nic.cz
 https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Re: [knot-dns-users] DS record digest