Hello

Is it possible with BIND to perform "Single Type Signing Key rollover"
as described in chapter 4.1.4 of rfc4641bis-11:

(The idea is to have a zone with a single key instead of a ZSK/KSK pair.)

   There is a second variety of this rollover, during which one
   introduces a new DNSKEY into the key set and signs the key set with
   both keys while signing the zone data with only the original
   DNSKEY_S_1. One replaces the DNSKEY_S_1 signatures with signatures
   made with DNSKEY_S_2 at the moment of DNSKEY_S_1 removal.

As far as I understand, it's not possible with BIND, am I getting it right?

Thanks in advance,
Alexander Gurvitz,
net-me.net