<div dir="ltr">
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>Hello,</span></p><p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span><br><span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>Lokking for some guidance, sorry if i use the
wrong way to contact </span>community user support.</p><p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><br><span><span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>I would like to set up DNSSEC using KASP.<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>I have an architecture with a master and
several slaves.<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>Here is my policy and zone configuration:<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New"">dnssec-policy "test" {<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> keys {<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> ksk
lifetime P3D algorithm rsasha256 2048;<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> zsk
lifetime P2D algorithm rsasha256 1024;<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> };<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New"">};<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""><span> </span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New"">zone "**************" {<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> type master;<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> file "/*******/*****.db";<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> notify yes;<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> key-directory
"/******/******/";<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> inline-signing yes;<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""> dnssec-policy test;<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New"">};</span></p><p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-size:10pt;font-family:"Courier New""><br><span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>after restart, it seems ok, keys are generated
on master, no errors in logs etc.<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>I copied this policy, the keys and the zone
configuration on each of my slaves then I restarted my slaves everything seems ok (in the logs).<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>except that now I wonder if the keys on each of
my slaves will be generated independently from those of my master.</span></p><p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span><br><span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>In this case, I will end up with different keys
for the same zone depending on the slave1 / slave2 etc / master. I suppose that
it is not good because we should have for the same zone, a pair of keys and
this one should be copied on each slaves?<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>There some tuto / documentation about how to
setup KASP in master / slaves topology ?</span></p><p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span><br><span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>Sorry if it's not enough clear...</span></p><p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span><br><span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span>Thank you<span></span></span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span></p>
<p class="MsoNormal" style="margin:0cm;font-size:11pt;font-family:"Calibri",sans-serif"><b><span style="font-size:10pt;font-family:"Verdana",sans-serif;color:black">Adrien SIPASSEUTH<span></span></span></b></p>
</div>