Hi all, does anyone know if is it possible to sign multiple domains with one KSK?
If I understand correctly what RFC 4034, section 2.1.1 says "... If bit 7 has value 1, then the DNSKEY record holds a DNS zone key, and the DNSKEY RR's owner name MUST be the name of a zone..." it is impossible. Each zone has to have his own KSK and ZSK pair, hasn't it? Regards, Adam -- Adam Tkac, Red Hat, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
