ed an unsafe time based rollover, assuming the DS would be published
>>> withing a certain time. In 9.16.7 a new rndc command "rndc dnssec
>>> -checkds" was introduced to tell BIND 9 that the DS for a given key has
>>> been published.
>>>
>>> Bes
en key has
been published.
Best regards,
Matthijs
On 23-12-2020 09:53, Daniel Stirnimann wrote:
Hi all,
I'm testing the key rollover behavior of BIND 9.16 with the new
introduced "dnssec-policy" statement.
The ISC DNSSEC Guide, chapter Working with the Parent Zone (2) [1] s
for a given key has
> been published.
>
> Best regards,
>
> Matthijs
>
> On 23-12-2020 09:53, Daniel Stirnimann wrote:
>> Hi all,
>>
>> I'm testing the key rollover behavior of BIND 9.16 with the new
>> introduced "dnssec-policy" stateme
en key has
been published.
Best regards,
Matthijs
On 23-12-2020 09:53, Daniel Stirnimann wrote:
Hi all,
I'm testing the key rollover behavior of BIND 9.16 with the new
introduced "dnssec-policy" statement.
The ISC DNSSEC Guide, chapter Working with the Parent Zone (2) [1] s
Hi all,
I'm testing the key rollover behavior of BIND 9.16 with the new
introduced "dnssec-policy" statement.
The ISC DNSSEC Guide, chapter Working with the Parent Zone (2) [1] states:
"At the time of this writing (mid-2020) BIND does not check for the
presence of a DS record in
5 matches
Mail list logo
