Is it possible to use one KSK for multiple domains?
Adam Tkac
atkac at redhat.com
Wed Nov 19 20:55:52 UTC 2008
Hi all,
does anyone know if is it possible to sign multiple domains with one KSK?
If I understand correctly what RFC 4034, section 2.1.1 says "... If bit 7
has value 1, then the DNSKEY record holds a DNS zone key, and the DNSKEY
RR's owner name MUST be the name of a zone..." it is impossible. Each zone
has to have his own KSK and ZSK pair, hasn't it?
Regards, Adam
--
Adam Tkac, Red Hat, Inc.
More information about the bind-users
mailing list