[KASP] setup KASP in master / slave architecture
adrien sipasseuth
sipasseuth.adrien at gmail.com
Fri Dec 9 08:24:42 UTC 2022
Hello,
Looking for some guidance, sorry if I am using the wrong way to contact
community user support.
I would like to set up DNSSEC using KASP.
I have an architecture with a master and several slaves.
Here is my policy and zone configuration:
dnssec-policy "test" {
    keys {
        ksk lifetime P3D algorithm rsasha256 2048;
        zsk lifetime P2D algorithm rsasha256 1024;
    };
};
zone "**************" {
    type master;
    file "/*******/*****.db";
    notify yes;
    key-directory "/******/******/";
    inline-signing yes;
    dnssec-policy test;
};
After restart, it seems OK: keys are generated on master, no errors in
logs, etc.
I copied this policy, the keys and the zone configuration to each of my
slaves, then I restarted my slaves. Everything seems OK (in the logs),
except that now I wonder if the keys on each of my slaves will be generated
independently from those of my master.
In this case, I will end up with different keys for the same zone depending
on the slave1 / slave2 etc. / master. I suppose that this is not good, because
we should have, for the same zone, a pair of keys, and this one should be
copied to each slave?
Is there a tutorial / documentation about how to set up KASP in a master /
slave topology?
Sorry if it's not clear enough...
Thank you
*Adrien SIPASSEUTH*
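
One way to check the concern raised in this message, whether every server answers with the same DNSKEY set for the zone (an added example, not part of the original post). The server names follow the message; the DNSKEY lines are constructed sample data in `dig +short DNSKEY` form with made-up key material, and key tags are computed as in RFC 4034 Appendix B.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskeys(text):
    """Turn 'flags protocol algorithm base64...' lines into {(role, alg, tag)}."""
    keys = set()
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a DNSKEY line
        flags, protocol, algorithm = (int(f) for f in fields[:3])
        b64 = "".join(fields[3:])  # dig may break the key into chunks
        role = "KSK" if flags & 0x0001 else "ZSK"  # SEP bit set on the KSK
        keys.add((role, algorithm, key_tag(flags, protocol, algorithm, b64)))
    return keys

def divergent_servers(answers, reference):
    """Map each server whose DNSKEY set differs from the reference server's
    to (keys it lacks, keys only it serves)."""
    expected = parse_dnskeys(answers[reference])
    report = {}
    for server, text in answers.items():
        served = parse_dnskeys(text)
        if served != expected:
            report[server] = (expected - served, served - expected)
    return report

def _sample_key(seed):
    """Constructed, non-functional key material: 66 identical bytes."""
    return base64.b64encode(bytes([seed]) * 66).decode()

# Constructed answers, one per server, in `dig +short DNSKEY` form.
SAMPLE = {
    "master": f"257 3 8 {_sample_key(1)}\n256 3 8 {_sample_key(2)}",
    "slave1": f"257 3 8 {_sample_key(1)}\n256 3 8 {_sample_key(2)}",
    "slave2": f"257 3 8 {_sample_key(3)}\n256 3 8 {_sample_key(4)}",
}

if __name__ == "__main__":
    for server, (missing, extra) in divergent_servers(SAMPLE, "master").items():
        print(server, "lacks", sorted(missing), "serves only", sorted(extra))
```

With real data, each value in the dictionary would be the DNSKEY answer collected from one server for the zone.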