On 13/11/2020 13:08, rams wrote: > Hi, > Can anyone help me how to generate ZSK key with one year validity? > When I am trying , it is default 30 days validity but i want to make ZSK > key validity 1 year. Is it possible in bind? > > Regards, > Ramesh
Hi Ramesh, Are you using the CLI-based tool dnssec-keygen ? dnssec-keygen https://linux.die.net/man/8/dnssec-keygen Timing Options Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24-hour days, ignoring leap years), months (defined as 30 24-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. -R date/offset Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it. HTH, esdaniel _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
