> What are other people using to automate key rollovers with 9.9? Michael: I automated mine by generating a set of 9 ZSKs and 2 KSKs for each zone in advance, setting the timing metadata to achieve a 90-day prepublication rollover cycle for the ZSKs and a 720-day rollover cycle for the KSKs. Once the keys are copied to a zone's key directory, bind takes care of the rollovers automatically. My domain registrar is GoDaddy.com, so I have to manually upload the DS records for the KSKs, but I only have a few domains, and the manual process is required only at 2-year intervals. I have a bash script that generates the keys and DS records using ISC's dnssec-keygen and dnssec-dsfromkey. Please contact me off list if you want a copy of it. Regards, Jeff.
Jeffry A. Spain Network Administrator Cincinnati Country Day School _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
