Hi,
I have a DNS setup that looks like this:
Hidden master (BIND) [xfr]-> DNSSEC signer (OpenDNSSEC) [xfr]-> 4x
Public slaves (NSD, BIND, YADIFA, KNOT).
NSD, BIND and KNOT machines are receiving and serving zones without
problems, but YADIFA is not. This problem does not occur when set to
update
rving received zones with DNSSEC signatures.
Regards,
Djordje
On Wed, Mar 30, 2016 at 1:46 AM, Djordje Antic wrote:
> Hi,
>
> I have a DNS setup that looks like this:
>
> Hidden master (BIND) [xfr]-> DNSSEC signer (OpenDNSSEC) [xfr]-> 4x
> Public slaves (NSD, BIND, YADIFA
Hi,
I use OpenDNSSEC 2.1.3 and SoftHSM 2.3.0.
Is it possible to import externally pregenerated KSK/ZSK keys and use
them for signing, with automatic rollover between them?
I import them correctly to the SoftHSM and to the enforcer (in
generate or any other state) and the keys are properly seen