It is certainly possible, but it requires some manual changes to the respective public and private key files to match the zones.
But I would concur with Chuck that the benefit from doing so is nonexistent and unless you have specific strong reasons to do so, it’s better to have a separate key-pair for every signed zone. Ondrej -- Ondřej Surý — ISC > On 7 Dec 2019, at 18:36, Chuck Aurora <c...@nodns4.us> wrote: > > On 2019-12-07 08:24, Elimar Riesebieter wrote: >> is it possible to have one key pair for DNSSEC to sign subdomains in >> different zonefiles? > > IIUC how it works, the generation of a key pair includes the zone name, > so no, I do not think it is possible. Also, and more to the point, > there's no benefit to what you are asking. > > What is the problem you are hoping to solve? If we know that perhaps > we can suggest something else. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
