dnssec KSK rollover

Tony Finch dot at dotat.at
Thu Aug 23 11:33:07 UTC 2018

project722 <project722 at gmail.com> wrote:
> In my named.conf I changed:
> dnssec-validation yes;
> to
> dnssec-validation auto;

Good :-)

Next thing to do is delete all trace of managed-keys or mkeys files or
trusted-keys configuration, then restart `named`. It will automatically
create managed-keys files with the correct contents - it has the current
root KSKs built in, so you don't need the bind.keys file.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
South Fitzroy: Northerly or northeasterly 5 or 6. Slight or moderate.
Occasional drizzle. Good, occasionally poor at first.

More information about the bind-users mailing list