Key rollover for inline signing zones

Stuart at Stuart at
Wed Oct 28 23:40:16 UTC 2020

Manual steps?

  *   Generate keys (dnssec-keygen)
     *   Set appropriate Publish and Activation times with the arguments
  *   Set appropriate de-activation and removal times on existing keys (dnssec-settime)

BIND should do the rest. You can use rndc loadkeys <zone> to hurry up the automation a little bit, but there’s really not much to it.

You might want to have a read through for some more details on the concepts involved, and for more inline-signing specific steps.


From: bind-users <bind-users-bounces at> on behalf of rams <bramesh80 at>
Date: Wednesday, 28 October 2020 at 7:47 pm
To: bind-users <bind-users at>
Subject: Key rollover for inline signing zones

Notice: This email is from an external sender.

Can anyone share the steps and commands for key rollover for inline signing zones in bind by manual/auto.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list