DNSSEC Generating Zone Key hanging

Damian Myerscough damian.myerscough at gmail.com
Sun Apr 22 18:08:24 UTC 2012


Thanks for your help. I noticed a small regex which modified my
configuration file, thus causing errors.

On 22 April 2012 17:03, Mark Elkins <mje at posix.co.za> wrote:

> On Sun, 2012-04-22 at 16:31 +0100, Damian Myerscough wrote:
> > Thanks a lot, I have now resolved this issue. However, I was following
> > the DNSSEC in 6 minutes guide [1]
> > for learning purposes and I have followed all the steps up to "you are
> > now serving DNSSEC signed zones".
>
> Reading the presentation - which dates itself....
>
> Slide 16, rather use
> dnssec-keygen -a RSASHA256 -b 1024 -n ZONE zonename   (for ZSK)
>
> Slide - 18: Also use RSASHA256 for the KSK. I personally use just 2048
> bits for the KSK.
>
> This avoids you having to do an algorithm rollover - which is a royal
> pain in the proverbial. It's also what the 'root' uses.
> ('dig @i.root-servers.net. . dnskey' gives:
> 'DNSKEY 257 3 8' - and - 'DNSKEY 256 3 8')
> The '8' part is algo RSASHA256, you probably have a '5' there.
>
> --
>  .  .     ___. .__      Posix Systems - (South) Africa
>  /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, Cisco CCIE
> / |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
>



-- 
Regards,
Damian Myerscough
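
Added example, not part of the original messages: a Python check that reads DNSKEY records from dig output and reports the role (256 ZSK, 257 KSK), the algorithm number discussed in the quoted reply (8 versus 5), and the RSA key size. It assumes dig's default single-line answer format (name, TTL, class, type, rdata); the zone name example.test and both keys are constructed placeholders.

```python
import base64

# RSA algorithm numbers from the IANA DNSSEC registry; the reply compares 5 and 8.
RSA_ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512"}
ROLES = {256: "ZSK", 257: "KSK"}  # DNSKEY flags field

def rsa_modulus_bits(key: bytes) -> int:
    """Modulus size of an RSA DNSKEY public key (RFC 3110 wire layout)."""
    if len(key) < 3:
        raise ValueError("truncated key")
    if key[0]:                      # one-byte exponent length
        exp_len, offset = key[0], 1
    else:                           # 0 marks a two-byte exponent length
        exp_len, offset = int.from_bytes(key[1:3], "big"), 3
    modulus = key[offset + exp_len:]
    if not modulus:
        raise ValueError("truncated key")
    return int.from_bytes(modulus, "big").bit_length()

def audit_dnskeys(dig_output: str) -> list:
    """One dict per DNSKEY record in single-line dig answer text."""
    findings = []
    for line in dig_output.splitlines():
        fields = line.split(";")[0].split()   # drops dig comment lines
        if len(fields) < 8 or fields[3] != "DNSKEY":
            continue                          # also skips RRSIG lines covering DNSKEY
        flags, _protocol, alg = (int(x) for x in fields[4:7])
        key = base64.b64decode("".join(fields[7:]))
        findings.append({
            "role": ROLES.get(flags, "other"),
            "algorithm": alg,
            "name": RSA_ALGORITHMS.get(alg, "non-RSA or unknown"),
            "bits": rsa_modulus_bits(key) if alg in RSA_ALGORITHMS else None,
            "recommended": alg == 8,   # what the reply advises for ZSK and KSK
        })
    return findings

def _constructed_key(bits: int) -> str:
    """Constructed placeholder key of the given size, not a usable RSA key."""
    modulus = (1 << (bits - 1)) | 1
    return base64.b64encode(b"\x03\x01\x00\x01" + modulus.to_bytes(bits // 8, "big")).decode()

SAMPLE = (f"example.test. 3600 IN DNSKEY 256 3 5 {_constructed_key(1024)}\n"
          f"example.test. 3600 IN DNSKEY 257 3 8 {_constructed_key(2048)}\n")

if __name__ == "__main__":
    for finding in audit_dnskeys(SAMPLE):
        print(finding)
```

To check a live zone, pass the text printed by 'dig zonename dnskey' to audit_dnskeys() in place of SAMPLE.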