wbr...@e1b.org <wbr...@e1b.org> wrote: > We are authoritative for a few dozen small zones. Is it possible to use > the same KSK for all of them? I can see where if it gets compromised we > would need to resign all zones using the KSK at once. How much effort > would I be saving sharing the KSK?
With BIND it is much easier not to share keys - the easy-to-use signing features (auto-dnssec maintain and dnssec-signzone -S) rely on key filenames that contain the zone name. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Forth, Tyne, Dogger, Northwest Fisher: Northwesterly, veering northeasterly, 4 or 5, occasionally 6 in Dogger. Slight or moderate, occasionally rough at first. Showers. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
