alex at net-me.net
Mon Jun 18 14:58:55 UTC 2012
Is it possible with BIND to perform "Single Type Signing Key rollover"
as described in chapter 4.1.4 of rfc4641bis-11:
(The idea is to have zone with single key instead of ZSK/KSK pair)
There is a second variety of this rollover, during which one
introduces a new DNSKEY into the key set and signs the key set with
both keys while signing the zone data with only the original
DNSKEY_S_1. One replaces the DNSKEY_S_1 signatures with signatures
made with DNSKEY_S_2 at the moment of DNSKEY_S_1 removal.
As far as I understand, it's not possible with BIND, am I getting it right?
Thanks in advance,