; You should **not** copy the dnssec-policy configuration to your
> secondaries. They transfer in the signed zone from the primary server.
>
> Best regards,
>
> Matthijs
>
>
> On 12/9/22 09:24, adrien sipasseuth wrote:
> > Hello,
> >
> >
> > Lokking for some gui
> zone "***" {
>type secondary;
>primaries { ***; };
> file "***.db";
> };
>
> is enough.
>
> Best regards,
>
> Matthijs.
>
> On 12/9/22 09:58, adrien sipasseuth wrote:
> > Hi Matthijs,
> >
> > thank
e.html#using-dig-to-verify
>
> My “flags” line does not show the “ad” flag as this is just a set of
> private servers on a local lan. I can’t submit the DNSSEC details upstream
> as described here:
>
>
> https://bind9.readthedocs.io/en/v9_18_9/dnssec-guide.html#uploading-in
Hi,
Ok, I got confused, no need for the keys on the slavs actually.
On the other hand, my slaves should generate the .signed, .signed.jnl and
.jbk files of my zones, no? currently it is not my case, should I copy them
from the master?
moreover, when I test a "dig A" I don't have the associated
copied on each slaves?
There some tuto / documentation about how to setup KASP in master / slaves
topology ?
Sorry if it's not enough clear...
Thank you
*Adrien SIPASSEUTH*
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this
Hello,
I put the management of DNSSEC with KASP, the zone is well functional. (dig
with "AD" flag etc)
On the other hand, I can't see when the key rollover period for my KSK is
over (2 KSKs with a dig DNSKEY...)
Without KASP, it was easy because I generated the second KSK key but with
KASP, it
ental-agents to do it for you.
>
> Best regards,
>
> Matthijs
>
> On 1/17/23 09:38, adrien sipasseuth wrote:
> > Hello,
> >
> > I put the management of DNSSEC with KASP, the zone is well functional.
> > (dig with "AD" flag etc)
> >
> &g
?
>
> In addition to the DNSKEY TTL yes. The successor KSK should be
> pre-published the sum of dnskey-ttl, publish-safety, and
> zone-propagation-delay, prior to its retirement.
>
> Best regards,
>
> Matthijs
>
> On 1/24/23 09:08, adrien sipasseuth wrote:
te: rumoured
DSState: hidden
GoalState: omnipresent
Regards Adrien
Le mar. 24 janv. 2023 à 15:18, adrien sipasseuth <
sipasseuth.adr...@gmail.com> a écrit :
> Hello,
>
> I don't why DSState: hidden, it's ok with some online check tools like :
> - https://dnssec-analyzer.ve
rit :
>
>
> On 1/24/23 15:18, adrien sipasseuth wrote:
> > Hello,
> >
> > I don't why DSState: hidden, it's ok with some online check tools like :
> > - https://dnssec-analyzer.verisignlabs.com/
> > <https://dnssec-analyzer.verisignlabs.com/>
> > -
s <
> bind-users@lists.isc.org> wrote:
> >
> > On 9/02/23 05:17, adrien sipasseuth wrote:
> >> so it works BUT I need to know more than 48h in advance that the
> rollover is starting to submit the new KSK to my registar.
> >>
> >> How ca
# question 3 #
In state file, when the remove date issue, can i just remove the key,
anything else to do ?
Regards,
Adrien SIPASSEUTH
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid sup
draw )" and wait until all RRSIG sign (with
the old KSK) expire. In that case, how can i check this ? (some dig command
? or check state file for "DSState: unretentive" ?)
regards,
Adrien
Le ven. 17 mai 2024 à 15:13, Matthijs Mekking a écrit :
> Hi,
>
> On 5/16/24 14:02
13 matches
Mail list logo