dnssec KSK rollover
Tony Finch
dot at dotat.at
Thu Aug 23 11:33:07 UTC 2018
project722 <project722 at gmail.com> wrote:
>
> In my named.conf I changed:
>
> dnssec-validation yes;
>
> to
>
> dnssec-validation auto;
Good :-)
Next thing to do is delete all trace of managed-keys or mkeys files or
trusted-keys configuration, then restart `named`. It will automatically
create managed-keys files with the correct contents - it has the current
root KSKs built in, so you don't need the bind.keys file.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
South Fitzroy: Northerly or northeasterly 5 or 6. Slight or moderate.
Occasional drizzle. Good, occasionally poor at first.
More information about the bind-users
mailing list