dnssec questions
Alan Clegg
aclegg at isc.org
Fri Aug 27 16:32:36 UTC 2010
On 8/27/2010 11:42 AM, CT wrote:
> Per my isc class and the book I received by Jeremy C. Reid ..
> you still need to "include" your keys in the zone file either
>
> via
> $include <dir>/KSK
> $include <dir>/ZSK1
> $include <dir>/ZSK2
> or
> (cat *.key > allkeys) which is what I have done..
> $include <dir>/allkeys
>
> I thought the use of -S (smart signing) that this was no longer
> necessary ..?
If you use "-S", dnssec-signzone pulls the keys into the zone file based
on the timing metadata. You don't need to $INCLUDE the keys any longer.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100827/ce58fa9b/attachment.bin>
More information about the bind-users
mailing list