Hi Klaus,

On 10-08-2021 13:38, Klaus Darilion wrote:
Hi Matthijs!

We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help:

https://kb.isc.org/docs/dnssec-key-and-signing-policy

Some comments to this KB article and dnssec-policy:

- The article should mention how to retrieve the DS record from
Bind.

I am not sure what you are asking. Do you mean how to convert the DS
from the DNSKEY record so you can submit it to the registrar?


- How does Bind handle duplicate keyids when generating new keys?
Will Bind ensure that there will not be any duplicate key ideas or
will it just use the duplicate keys? In the latter case the " rndc
dnssec -checkds -key 12345 ..." commands will be ambiguous. (From an
user perspective duplicate keyids should be avoided)

BIND will check for key id collision. When a conflict (for the same
algorithm) is detected a new key will be generated.

Best regards,
  Matthijs



Thanks Klaus

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to