dnssec-keymgr

CT bindu at obsd.tk
Thu Oct 18 20:45:21 UTC 2018


I have a working test box based on:
http://bind-users-forum.2342410.n4.nabble.com/Automatic-Key-Management-td4317.html
https://kb.isc.org/docs/aa-00711

It appears that the dnssec-keymgr will keep track of the ZSK keys, but
I will need to re-sign the zone on changes or weekly.
Current ZSK creation script doesn't always get the timing correct.

Current box now uses dnssec-signzone
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K private example.net
via script to change the serial # and re-sign the zone.

Is it a better way to use rndc?

rndc loadkeys example.net
rndc signing -nsec3param 1 0 10 03F92714 example.net.

Thx
CT

On 10/18/18 12:05 PM, CT wrote:
> All.
> Not much on the subject other than a few posts.
> Didn't find anything in my last ARM search either.
>
> Thx
> CT
