Is it possible to use one KSK for multiple domains?

Niall O'Reilly Niall.oReilly at ucd.ie
Thu Nov 20 15:24:21 UTC 2008


On Thu, 2008-11-20 at 14:15 +0100, Adam Tkac wrote:
> It isn't possible to validate myzone1.tld. with key from other zone,
> for example myzone2.tld., is it?

	No, but Chris explained better than I did what I had in mind.

On Thu, 2008-11-20 at 11:43 +0000, Chris Thompson wrote:
> the DNSKEY records for the KSK(s) (or ZSK(s), for that matter) could
> have identical rdata in different zones: i.e. they could specify the
> same encryption key. Whether this would be a *good* thing to do is
> doubtful:

	/Niall
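
An added example, not part of the original message or of BIND: it shows what identical DNSKEY rdata in two zones means for delegation. The key tag (RFC 4034 Appendix B) is the same in both zones, but the DS digest covers the owner name, so each zone still needs its own DS record at its parent. The key bytes are constructed sample data, and the zone names are the ones used in the thread.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercase) DNS wire format of an owner name."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B; it depends on the RDATA only."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256 over owner name || DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

# Constructed sample key material, not a real key.
SAMPLE_PUBKEY = bytes(range(1, 9))
# 257 = KSK flags (zone key + SEP), 8 = RSASHA256.
SHARED_KSK = dnskey_rdata(257, 8, SAMPLE_PUBKEY)

def ds_for(zone: str) -> tuple[int, str]:
    """Key tag and DS digest for the shared KSK published in `zone`."""
    return key_tag(SHARED_KSK), ds_digest_sha256(zone, SHARED_KSK)

if __name__ == "__main__":
    for zone in ("myzone1.tld.", "myzone2.tld."):
        tag, digest = ds_for(zone)
        print(f"{zone} IN DS {tag} 8 2 {digest}")
```
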




