Hello,
Lokking for some guidance, sorry if i use the wrong way to contact community user support. I would like to set up DNSSEC using KASP. I have an architecture with a master and several slaves. Here is my policy and zone configuration: dnssec-policy "test" { keys { ksk lifetime P3D algorithm rsasha256 2048; zsk lifetime P2D algorithm rsasha256 1024; }; }; zone "**************" { type master; file "/*******/*****.db"; notify yes; key-directory "/******/******/"; inline-signing yes; dnssec-policy test; }; after restart, it seems ok, keys are generated on master, no errors in logs etc. I copied this policy, the keys and the zone configuration on each of my slaves then I restarted my slaves everything seems ok (in the logs). except that now I wonder if the keys on each of my slaves will be generated independently from those of my master. In this case, I will end up with different keys for the same zone depending on the slave1 / slave2 etc / master. I suppose that it is not good because we should have for the same zone, a pair of keys and this one should be copied on each slaves? There some tuto / documentation about how to setup KASP in master / slaves topology ? Sorry if it's not enough clear... Thank you *Adrien SIPASSEUTH*
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users