To obtain a DS (Delegation Signer) record, you need to use the "pdnsutil show-zone" command.
The "show-zone" command will allow you to view your DS records for the domain. Please note that you will first need to secure the zone using the "pdnsutil secure-zone" command.
I've included an example below showing this process:
# pdnsutil secure-zone cpaneltestdom.tld
May 07 14:34:05 [bindbackend] Done parsing domains, 3 rejected, 10 new, 0 removed
Securing zone with default key size
Adding CSK (257) with algorithm ecdsa256
Zone cpaneltestdom.tld secured
Adding NSEC ordering information
The command "pdnsutil show-zone" can then be used to view the DS record:
# pdnsutil show-zone cpaneltestdom.tld
May 07 14:34:08 [bindbackend] Done parsing domains, 3 rejected, 10 new, 0 removed
This is a Master zone
Last SOA serial number we notified: 0 != 2020042901 (serial in the database)
Metadata items: None
Zone has NSEC semantics
keys:
ID = 1 (CSK), flags = 257, tag = 24684, algo = 13, bits = 256, created = 1588880045 Active ( ECDSAP256SHA256 )
CSK DNSKEY = cpaneltestdom.tld. IN DNSKEY 257 3 13 ajM9VLuEavs5vhRMNptCLEel8mXbBTHch24lZrpKcZZNBWFb/sgq8JJKl1o37bJpHEVzgLdIh+UpE4aXoP2cLw== ; ( ECDSAP256SHA256 )
DS = cpaneltestdom.tld. IN DS 24684 13 1 002ad4545ffc78c2a19853b4dd5b6b1db96e1c8a ; ( SHA1 digest )
DS = cpaneltestdom.tld. IN DS 24684 13 2 e867efb6aba7ffb976380b630900e9566837faf45f96dcdf5019550be00521d0 ; ( SHA256 digest )
DS = cpaneltestdom.tld. IN DS 24684 13 4 d8a8df891f520065b014f1e96346dce8431e9f06565a8f0ea0dd312d17d60c4a55478772cb23ecf2588c66184ec38cb0 ; ( SHA-384 digest )
Comments
0 comments
Article is closed for comments.