I have a working test box based on:
http://bind-users-forum.2342410.n4.nabble.com/Automatic-Key-Management-td4317.html
https://kb.isc.org/docs/aa-00711

It appears that dnssec-keymgr will keep track of the ZSK keys, but I will need to re-sign the zone
on changes or weekly.
The current ZSK creation script doesn't always get the timing correct.

Current box now uses dnssec-signzone
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K private example.net
via script to change the serial # and re-sign the zone.

Is it a better way to use rndc?

rndc loadkeys example.net
rndc signing -nsec3param 1 0 10 03F92714 example.net.

Thx
CT

On 10/18/18 12:05 PM, CT wrote:
All.
Not much on the subject other than a few posts.
Didn't find anything in my last ARM search either.

Thx
CT
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
