AW: How to prepublish additional DNSKEY
shuque at gmail.com
Thu Jul 9 11:43:50 UTC 2020
On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann <
daniel.stirnimann at switch.ch> wrote:
> On 09.07.20 11:51, Klaus Darilion wrote:
> >>> So, how is the correct process to add an additional DNSKEY (only the
> >> key is known).
> >> I think you are looking for `dnssec-importkey`.
> > Indeed. I imported the key and got a .key and .private file. I put those
> files in the same directory as the other keys, gave read permissions to
> bind and executed:
> > rndc loadkeys myzone
> > rndc sign myzone
> > But the additional key is not added to the reponse of DNSKEY queries.
> Does the key have correct timing metadata in the key file?
> Have a look at "dnssec-settime".
You can also set the timing metadata with dnssec-importkey itself (so that
you don't have to separately run dnssec-settime), e.g. to activate key 5
minutes from now:
dnssec-importkey -P +5mi -K Kexample.com.+013+23941.key
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users