<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I have a working test box based on:<br>
<a class="moz-txt-link-freetext" href="http://bind-users-forum.2342410.n4.nabble.com/Automatic-Key-Management-td4317.html">http://bind-users-forum.2342410.n4.nabble.com/Automatic-Key-Management-td4317.html</a><br>
<a class="moz-txt-link-freetext" href="https://kb.isc.org/docs/aa-00711">https://kb.isc.org/docs/aa-00711</a><br>
<br>
It appears that the dnssec-keymgr will keep track of the ZSK
keys but I will need to re-sign the zone <br>
on changes or weekly.<br>
Current zsk creation script doesn't always get the timing correct
<br>
<br>
Current box now uses dnssec-signzone <br>
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K private
example.net<br>
via script to change the serial # and resign the zone .<br>
<br>
Is it a better way to use rndc <code class=" language-shell">?<br>
<br>
rndc loadkeys example.net</code><code class=" language-shell"><br>
rndc signing -nsec3param 1 0 10 03F92714 example.net.</code><br>
<code class=" language-shell"></code>Thx <br>
CT<br>
<br>
On 10/18/18 12:05 PM, CT wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9ddfe564-3a21-d14c-bc10-3561a295daa1@obsd.tk">All.
<br>
Not much on the subject other than a few posts.
<br>
didn't find anything in my last ARM search either..
<br>
<br>
Thx
<br>
CT
<br>
_______________________________________________
<br>
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to
unsubscribe from this list
<br>
<br>
bind-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
<br>
</blockquote>
<br>
</body>
</html>