Hi,
I'm looking at creating "identical zones" with two independently developed DNSSEC signers (BIND + OpenDNSSEC). I stumbled upon three differences, one of which might be a bug in BIND.

OpenDNSSEC does not easily allow the DNSKEY RRset to be signed with both KSK and ZSK. So I was looking at using the "-x" option with dnssec-signzone, but it seems that, at least for my command-line invocation, this option is completely ignored. The version used is 9.7.4.

Does anyone use dnssec-signzone with -x? If so, can you check/tell me your DNSKEY RRset? And if it works, could you reveal the full command-line arguments used, the BIND version, and whether any PKCS#11 provider was compiled in?

Thanks,
Paul
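
One way to check a DNSKEY RRset as the message asks, given as an added example that is not part of the original post: it computes RFC 4034 key tags for the DNSKEY records and reports which key roles produced the RRSIGs covering DNSKEY (with -x honoured, only KSK is expected). It assumes one record per line with no parenthesised multi-line records; the function names, zone name, keys and signatures are constructed for illustration.

```python
import base64

def key_tag(flags, protocol, algorithm, pubkey):
    """RFC 4034 Appendix B key tag (not valid for algorithm 1, RSA/MD5)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_signers(zone_text):
    """Sorted roles (KSK / ZSK / unknown) of the keys that signed the DNSKEY RRset."""
    roles, signer_tags = {}, []
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()          # drop comments, tokenise
        if "DNSKEY" not in f:
            continue
        i = f.index("DNSKEY")
        if i > 0 and f[i - 1] == "RRSIG":
            # RRSIG RDATA: covered alg labels ttl expire inception key-tag signer sig
            signer_tags.append(int(f[i + 6]))
        else:
            flags, proto, alg = int(f[i + 1]), int(f[i + 2]), int(f[i + 3])
            pub = base64.b64decode("".join(f[i + 4:]))
            # SEP bit (value 1) set means key-signing key, e.g. flags 257
            roles[key_tag(flags, proto, alg, pub)] = "KSK" if flags & 1 else "ZSK"
    return sorted(roles.get(t, "unknown") for t in signer_tags)

def sample(sign_with_zsk):
    """Constructed DNSKEY RRset for 'example.' with dummy keys and signatures."""
    keys = [(257, b"constructed-ksk"), (256, b"constructed-zsk")]
    lines = [f"example. 3600 IN DNSKEY {fl} 3 8 {base64.b64encode(k).decode()}"
             for fl, k in keys]
    for fl, k in keys:
        if fl == 257 or sign_with_zsk:
            lines.append("example. 3600 IN RRSIG DNSKEY 8 1 3600 20110930000000 "
                         f"20110831000000 {key_tag(fl, 3, 8, k)} example. ZHVtbXk=")
    return "\n".join(lines)

if __name__ == "__main__":
    print("KSK-only signing:", dnskey_signers(sample(False)))
    print("KSK+ZSK signing: ", dnskey_signers(sample(True)))
```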