Using one key to sign multiple zones (aka key sharing)

2010-10-13 Thread Tim Verhoeven
Hello, I've tried to sign multiple zones using the same key. But it seems that currently Bind does not allow this. Is this an omission or by design? I know OpenDNSSEC can do this, and IIRC there is nothing in the RFCs that disallows key sharing. Regards, Tim -- Tim Verhoeven -

Re: Using one key to sign multiple zones (aka key sharing)

2010-10-13 Thread Mark Andrews
Named is written such that each DNSKEY has its own key files. These store metadata about the DNSKEY. There is nothing to prevent one from extracting the RSA key pair and re-using it for a different DNSKEY. We just don't have a tool to do this. If you are using an HSM then using dnssec-keyfromlabel
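As an added illustration of the point above (not code from the thread, nor from BIND or OpenDNSSEC): the DNSKEY key tag of RFC 4034 Appendix B, and therefore BIND's K<owner>+<alg>+<tag> key-file name, is computed over the DNSKEY RDATA only, so the owner name plays no part and a key pair reused under a second zone keeps the same tag. The script below parses a constructed K*.key file, recomputes the tag, and rewrites the public-key file for a new owner. The 4-byte public key is a constructed placeholder, not a real RSA key, and the idea that the matching .private file could simply be copied beside the rewritten .key file (on the assumption that BIND's private-key format carries no owner name) is an assumption about the manual procedure, not something the thread confirms.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class Dnskey:
    """One DNSKEY RR as stored in a BIND K<owner>+<alg>+<tag>.key file."""
    owner: str        # owner name with trailing dot, e.g. "example.com."
    flags: int        # 256 = ZSK, 257 = KSK (SEP bit set)
    protocol: int     # always 3 for DNSSEC
    algorithm: int    # e.g. 8 = RSASHA256
    pubkey: bytes     # raw public key bytes as carried in the RDATA

    def rdata(self) -> bytes:
        # RFC 4034 section 2.1 wire format: flags(2) protocol(1) algorithm(1) key.
        # Note that the owner name is not part of the RDATA.
        return (self.flags.to_bytes(2, "big")
                + bytes([self.protocol, self.algorithm])
                + self.pubkey)

    def tag(self) -> int:
        return key_tag(self.rdata())


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag: 16-bit ones-complement-style sum over the RDATA."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8   # even offsets are the high byte of a 16-bit word
    ac += (ac >> 16) & 0xFFFF          # fold the carry back in once
    return ac & 0xFFFF


def parse_key_file(text: str) -> Dnskey:
    """Parse the single DNSKEY RR in a BIND .key file; ';' comment lines are skipped."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        # Layout: owner [ttl] [class] DNSKEY flags protocol algorithm base64...
        idx = fields.index("DNSKEY")
        flags, proto, alg = (int(x) for x in fields[idx + 1:idx + 4])
        pubkey = base64.b64decode("".join(fields[idx + 4:]))
        return Dnskey(fields[0], flags, proto, alg, pubkey)
    raise ValueError("no DNSKEY record found")


def format_key_file(key: Dnskey) -> str:
    """Render the RR back in the one-line form BIND writes into K*.key files."""
    b64 = base64.b64encode(key.pubkey).decode("ascii")
    return f"{key.owner} IN DNSKEY {key.flags} {key.protocol} {key.algorithm} {b64}\n"


def key_file_name(key: Dnskey, suffix: str) -> str:
    """BIND naming convention: K<owner>+<3-digit alg>+<5-digit tag>.<key|private>."""
    return f"K{key.owner}+{key.algorithm:03d}+{key.tag():05d}.{suffix}"


def reowner(key: Dnskey, new_owner: str) -> Dnskey:
    """Same key material and flags under a different zone name (key sharing)."""
    return Dnskey(new_owner, key.flags, key.protocol, key.algorithm, key.pubkey)


# Constructed sample .key file; the public key "AQIDBA==" is the placeholder
# bytes 01 02 03 04, not a real RSA key.
SAMPLE_KEY_FILE = """\
; This is a key-signing key, keyid 2063, for example.com.
example.com. IN DNSKEY 257 3 8 AQIDBA==
"""


def share_key(key_file_text: str, new_owner: str) -> tuple[str, str]:
    """Return (new .key file name, new .key file contents) for the shared key."""
    shared = reowner(parse_key_file(key_file_text), new_owner)
    return key_file_name(shared, "key"), format_key_file(shared)


if __name__ == "__main__":
    original = parse_key_file(SAMPLE_KEY_FILE)
    name, contents = share_key(SAMPLE_KEY_FILE, "example.org.")
    print(key_file_name(original, "key"), "->", name)   # same +008+02063 tag in both names
    print(contents, end="")
```

The `.private` file that goes with the renamed `.key` file would then be copied under the corresponding `key_file_name(shared, "private")`, which is where the "extract the key pair and re-use it" step of the reply happens by hand; whether the timing metadata in that file should also be shared between the zones is a policy decision, not something the tag computation settles.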