From d9b6be5bad0f60a3a45467df2b0264c6562ae535 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 21 Nov 2018 09:51:20 -0800 Subject: [PATCH] docs: add info on generating DS records Change-Id: Ie826e2c7b099d4dec5b778b1267f7b5c5a0a6bba --- doc/source/dns.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/source/dns.rst b/doc/source/dns.rst index 9ea1d7fd77..45125c3eee 100644 --- a/doc/source/dns.rst +++ b/doc/source/dns.rst @@ -37,4 +37,10 @@ Run:: And add the resulting files to the `dnssec_keys` key in the `group/adns.yaml` private hiera file on puppetmaster. +If you need to generate DS records for the registrar, identify which +of the just-created key files is the key-signing key (examine the +contents of the files and read the comments therein). Then run:: + + dnssec-dsfromkey -2 $KEYFILE + .. note:: This section will be expanded.