Thanks for your help, I noticed a small regex which modified my
configuration file thus causing errors.
On 22 April 2012 17:03, Mark Elkins <m...@posix.co.za> wrote:
> On Sun, 2012-04-22 at 16:31 +0100, Damian Myerscough wrote:
> > Thanks a lot, I have now resolved this issue. However, I was following
> > the DNSSEC in 6 minutes guide [1]
> > for learning purposes and I have followed all the steps up to "you are
> > now serving DNSSEC signed zones".
>
> Reading the presentation - which dates itself....
>
> Slide 16, rather use
> dnsseckeygen -a RSASHA256 -b 1024 -n ZONE zonename (for ZSK)
>
> Slide - 18: Also use RSASHA256 for the KSK. I personally use just 2048
> bits for the KSK.
>
> This avoids you having to do an algorithm rollover - which is a royal
> pain in the proverbial. Its also what the 'root' uses.
> ('dig @i.root-servers.net. . dnskey' gives:
> 'DNSKEY 257 3 8' - and - 'DNSKEY 256 3 8')
> The '8' part is algo RSASHA256, you probably have a '5' there.
>
>
>
>
>
> --
> . . ___. .__ Posix Systems - (South) Africa
> /| /| / /__ m...@posix.co.za - Mark J Elkins, Cisco CCIE
> / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Regards,
Damian Myerscough
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
