Key rollover for inline signing zones
Stuart at registry.godaddy
Stuart at registry.godaddy
Wed Oct 28 23:40:16 UTC 2020
Manual steps?
* Generate keys (dnssec-keygen)
* Set appropriate Publish and Activation times with the arguments
* Set appropriate de-activation and removal times on existing keys (dnssec-settime)
BIND should do the rest. You can use rndc loadkeys <zone> to hurry up the automation a little bit, but there’s really not much to it.
You might want to have a read through https://kb.isc.org/docs/aa-00822 for some more details on the concepts involved, and https://kb.isc.org/docs/aa-00711 for more inline-signing specific steps.
Stuart
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of rams <bramesh80 at gmail.com>
Date: Wednesday, 28 October 2020 at 7:47 pm
To: bind-users <bind-users at isc.org>
Subject: Key rollover for inline signing zones
Notice: This email is from an external sender.
Hi,
Can anyone share the steps and commands for key rollover for inline signing zones in bind by manual/auto.
Regards,
Ramesh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20201028/2b31fbcc/attachment.htm>
More information about the bind-users
mailing list