On Wed, Jun 24, 2009 at 05:45:33PM +0200, holger.zule...@arcor.net wrote:
> I have some issues with dnssec-signzone under BIND 9.7.0a1.
> 
> I'm using different algorithms for key- and zone signing keys.

That's a problem.

> Does it mean that it is no longer possible to use different key algorithms
> in one zone?

You can use multiple algorithms in a zone, but each algorithm must be
represented as both KSK and ZSK.  If you have an RSASHA1 KSK, an RSAMD5
KSK, an RSASHA1 ZSK and an RSAMD5 ZSK, you'll be fine.  But if all
your KSKs are RSASHA1 and all your ZSKs are RSAMD5, that's actually
a protocol violation.  dnssec-signzone should have been complaining
all along; it was a bug that it didn't.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
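
Added example, not part of the original message and not BIND code: a small Python check of the rule stated in the reply above, that every algorithm in a zone's DNSKEY set appears as both a KSK and a ZSK. It assumes zone-file presentation format with flags, protocol and algorithm on the same line as DNSKEY, and treats the SEP flag bit as the KSK marker; the function names and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

ZONE_KEY = 0x0100  # DNSKEY flags bit: key is a zone key
SEP = 0x0001       # Secure Entry Point bit, conventionally set on KSKs
ALG_NAMES = {1: "RSAMD5", 5: "RSASHA1"}  # the two algorithms named above

# Matches "DNSKEY <flags> <protocol> <algorithm> <start of key data>"
DNSKEY_RE = re.compile(r"\bDNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+\S")

def key_roles(zone_text):
    """Map algorithm number -> set of roles ('KSK', 'ZSK') found in DNSKEY records."""
    roles = defaultdict(set)
    for line in zone_text.splitlines():
        m = DNSKEY_RE.search(line.split(";", 1)[0])  # ignore comments
        if not m:
            continue
        flags, proto, alg = (int(g) for g in m.groups())
        if proto == 3 and flags & ZONE_KEY:  # DNSKEY protocol field is always 3
            roles[alg].add("KSK" if flags & SEP else "ZSK")
    return dict(roles)

def missing_roles(zone_text):
    """Return {algorithm: [missing roles]} for algorithms lacking a KSK or a ZSK."""
    gaps = {}
    for alg, seen in key_roles(zone_text).items():
        missing = sorted({"KSK", "ZSK"} - seen)
        if missing:
            gaps[alg] = missing
    return gaps

# Constructed sample records; the key data is placeholder text, not real keys.
SPLIT_ZONE = """\
example.test. 3600 IN DNSKEY 257 3 5 Q09OU1RSVUNURUQx ; KSK, RSASHA1
example.test. 3600 IN DNSKEY 256 3 1 Q09OU1RSVUNURUQy ; ZSK, RSAMD5
"""
PAIRED_ZONE = SPLIT_ZONE + """\
example.test. 3600 IN DNSKEY 256 3 5 Q09OU1RSVUNURUQz ; ZSK, RSASHA1
example.test. 3600 IN DNSKEY 257 3 1 Q09OU1RSVUNURUQ0 ; KSK, RSAMD5
"""

if __name__ == "__main__":
    for name, zone in (("split", SPLIT_ZONE), ("paired", PAIRED_ZONE)):
        for alg, missing in missing_roles(zone).items():
            print(f"{name}: {ALG_NAMES.get(alg, alg)} has no {', '.join(missing)}")
        if not missing_roles(zone):
            print(f"{name}: every algorithm has both a KSK and a ZSK")
```

Running this against the DNSKEY records of a zone before signing shows which algorithm is missing a key of which role.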
