
[public-dns-discuss] Re: DNS Configuration



There are a bunch of problems with your configuration; http://dnsviz.net/d/cpss.co/XDyj7A/dnssec/ shows some of them.

While it is possible to DNSSEC-sign your domains separately with different keys on each name server, this is not generally advised (and for proper functionality, requires that the two name servers cross-sign each other's DNSKEY RRsets).

You should do the DNSSEC-signing on one name server, set it up as a primary, and the other as a secondary which will transfer the zones. Once that is set up, you can register the DS record for your domain's KSK (key-signing DNSKEY, the one with 257, not 256) with eNom and you should have a working DNSSEC configuration.


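An added illustration of the last step in the message above, not part of the original post or of any project's tooling: it derives the SHA-256 DS record to hand to the registrar from a zone's DNSKEY records, using only the key with flags 257. The `example.com.` records and their key bytes are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample zone lines: the key bytes are made up, not real keys.
_PUB = base64.b64encode(bytes(range(64))).decode()
SAMPLE_DNSKEYS = [
    f"example.com. 3600 IN DNSKEY 256 3 13 {_PUB}",  # ZSK
    f"example.com. 3600 IN DNSKEY 257 3 13 {_PUB}",  # KSK (SEP bit set)
]

def parse_dnskey(line):
    """Split a presentation-format DNSKEY line into owner and RDATA fields."""
    owner, _ttl, _cls, rtype, flags, proto, alg, *b64 = line.split()
    if rtype != "DNSKEY":
        raise ValueError("not a DNSKEY record")
    return owner, int(flags), int(proto), int(alg), base64.b64decode("".join(b64))

def name_to_wire(name):
    """Canonical (lowercase) wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B (algorithms other than 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_for_ksk(lines):
    """Return (owner, key_tag, algorithm, digest_type, digest) for each KSK."""
    out = []
    for line in lines:
        owner, flags, proto, alg, pub = parse_dnskey(line)
        if flags != 257:  # skip ZSKs (256); the DS points at the 257 key
            continue
        # DS digest input is owner name (wire format) followed by DNSKEY RDATA.
        rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + pub
        digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
        out.append((owner, key_tag(rdata), alg, 2, digest))  # 2 = SHA-256
    return out

if __name__ == "__main__":
    for owner, tag, alg, dtype, digest in ds_for_ksk(SAMPLE_DNSKEYS):
        print(f"{owner} IN DS {tag} {alg} {dtype} {digest}")
```

The key tag and digest printed here should match what the parent zone publishes; a DS built from the 256 key, or from a key only one of the two name servers serves, will not validate.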