Named is written such that each DNSKEY has its own key files. This stores meta data about the DNSKEY. There is nothing to prevent on extracting the RSA key pair and re-using it for a differnet DNSKEY. We just don't have a tool to do this.
If you are using a HSM then using dnssec-keyfromlabel multiple times with the same label will do the same thing. It basically comes down to whether you are working with a DNSKEY or a RSA key and where the meta data is stored. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
