Phil Mayers wrote:
>
> I first create and publish a new ZSK with no activation date. After waiting
> the requisite amount of time, I use dnssec-settime:
>
> dnssec-settime -A K
> dnssec-settime -I K
> rndc sign
>
> ...and bind immediately starts using the new key for sigs. After 0.75*30 days,
> a
We have a hidden master doing DNSSEC on our zones, and I've observe the
following problem when doing a ZSK rollover.
Zones are updated from our database using DDNS, and bind of course is
(re)generating the signatures at the standard intervals.
I first create and publish a new ZSK with no acti
2 matches
Mail list logo