On 04/25/2022 8:31 am, The Doctor via bind-users wrote:
Any easy repices to get your domains DNSSEC compilant?
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici
doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware
AntiChrist rising!
Look at Psalms 14 and 53 on Atheism
https://www.empire.kred/ROOTNK?t=94a1f39b
God will not fix the vessel which insists it isn't broken. -unknown
Beware https://mindspring.com
I'm just using the dnssec-policy stuff with 9.18, and manually add the
DS records to my registrar
(Google in my case), and ARIN for my IPv4 block, and my provider for the
delegated IPv6 block.
dnssec-policy "ler2" {
keys {
ksk lifetime unlimited algorithm 13;
zsk lifetime 90d algorithm 13;
};
// Key timings
dnskey-ttl 3600;
publish-safety 1h;
retire-safety 1h;
purge-keys P90D;
// Signature timings
signatures-refresh 5d;
signatures-validity 14d;
signatures-validity-dnskey 14d;
// Zone parameters
max-zone-ttl 86400;
zone-propagation-delay 300;
// Parent parameters
parent-ds-ttl 3600;
parent-propagation-delay 300;
nsec3param iterations 0 salt-length 0;
};
If I can help, let me know.
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
