AW: Specifying NSEC3 salt with dnssec-policy
Matthijs Mekking
matthijs at isc.org
Tue Oct 1 12:14:47 UTC 2024
On 10/1/24 09:44, Klaus Darilion wrote:
> Hi Matthijs!
>
> I always had the impression that dnssec-signzone is a stand-alone
> utility and signing is done either with dnssec-signzone or with
> Bind's dnssec-policy. Does it really work to use dnssec-signzone on a
> zone and journal that is managed by named?
No, it doesn't work like that. You turn off automatic signing and use
dnssec-signzone manually to sign the zone.
I was under the impression that you needed to sign a zone with a
specific salt. dnssec-signzone can do that for you.
Best regards,
Matthijs
>
> Regards Klaus
>
More information about the bind-users
mailing list