[Yeti DNS Discuss] 答复: Multiple ZSK experiment (MZSK) launching today

Davey Song(宋林健) ljsong at biigroup.cn
Mon Feb 22 06:03:00 UTC 2016


Currently BII and WIDE only use KSK to sign the dnskey. But TISF use zsk
sign dnskey as well. I think that is the difference. Should DMs use the
unified way for key signing process?

Davey

-----邮件原件-----
发件人: discuss [mailto:discuss-bounces at lists.yeti-dns.org] 代表 Stephane
Bortzmeyer
发送时间: 2016年2月21日 0:20
收件人: dbgong
抄送: discuss
主题: Re: [Yeti DNS Discuss] Multiple ZSK experiment (MZSK) launching today

On Fri, Feb 19, 2016 at 05:43:52PM +0800,  dbgong <dbgong at biigroup.cn> wrote
a message of 144 lines which said:

> The response message size is 1471(include 6 zsks, 1 KSK, and 1 RRSIG).

A bit more for me (there are two signatures):

% dig DNSKEY .

; <<>> DiG 9.10.3-P3 <<>> DNSKEY .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12935 ;; flags: qr rd ra
ad; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION:
;.			IN DNSKEY

...
;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Sat Feb 20 16:11:53 UTC 2016
;; MSG SIZE  rcvd: 1629
_______________________________________________
discuss mailing list
discuss at lists.yeti-dns.org
http://lists.yeti-dns.org/mailman/listinfo/discuss





More information about the discuss mailing list