On 19. 10. 22 19:48, Mark Andrews wrote:
Just reload the server.
+1
with the does the DS record need to be touched? i.e., will the changed to
nsec3param change the zone's KSK?
Let me add that no, DS record is not affected at all by NSEC or NSEC3.
dnssec-policy management is doing a nice
On 19. 10. 22 19:48, Mark Andrews wrote:
Just reload the server.
On 20 Oct 2022, at 01:45, PGNet Dev wrote:
with the does the DS record need to be touched? i.e., will the changed to
nsec3param change the zone's KSK?
Let me add that no, DS record is not affected at all by NSEC or NSEC3.
Just reload the server.
--
Mark Andrews
> On 20 Oct 2022, at 01:45, PGNet Dev wrote:
>
> running
>
>bind 9.18.7
>
> i've enabled dnssec-policy signing
>
> current KSK & ZSK keys had been generated with
>
>dnssec-policy "prod01" {
>...
>nsec3param iterations 5
running
bind 9.18.7
i've enabled dnssec-policy signing
current KSK & ZSK keys had been generated with
dnssec-policy "prod01" {
...
nsec3param iterations 5 optout no salt-length 8;
...
}
noting
Change default for
4 matches
Mail list logo
