I just did the same operation in our BIND servers, converted all DNSSEC enabled
zones with different algorithms to KASP/dnssec-policy and ecdsa256/13.
All I did was replaced the two lines in named.conf:
inline-signing yes;
auto-dnssec maintain;
to
dnssec-policy "ecdsa256";
And of
Dear all,
I followed now the series here (again, thanks a lot to make this public!):
https://www.youtube.com/watch?v=MheHMWCOTvE&list=PLUwyH0o3uuICgnbQj_lQajRI_CzewZr7q
Just now I only sign one domain which is using the "auto-dnssec maintain;".
What I understood from the series is that KASP does
2 matches
Mail list logo