Hi,

I'm looking at creating "identical zones" with two independently
developed dnssec signers (bind + opendnssec). I stumbled upon three
differences, one of which might be a bug in bind.

opendnssec does not easily allow the DNSKEY RRset to be signed with
both KSK and ZSK. So I was looking at using the "-x" option with
dnssec-signzone, but it seems that, at least for my command-line
invocation, this option is completely ignored. The version used
is 9.7.4.

Does anyone use dnssec-signzone with -x? If so, can you check/tell me
your DNSKEY RRset? And if it works, could you reveal the full
command-line argument used, the bind version, and whether any pkcs#11
provider was compiled in?

Thanks,

Paul

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
