Hi, "You configure parental agents and named will check which DS’s are published. Named won’t complete the roll until it knows the new DS is published." => what is parental agent ? i don't find this term in Bind documentation. >From what I understand, you have to specify to Bind that the new DS is published with the command: rndc dnssec -checkds -key <id new ksk> published <my-zone>
"If it was me, I'd set the KSK to not roll-over automatically, and instead create a recurring reminder for yourself to initiate the KSK roll-over manually? That way you'd never get caught out with a KSK roll-over happening when you weren't prepared for it? " => I don't know if I can get a policy for ZSK and a manual method for KSK. >From what I understand if I want to use a policy I have to remove "auto-dnssec maintain;" which is necessary for the manual method right? In the meantime, I wonder if I can't stay on the manual method even with a bind 9.18? I read that the auto-dnssec directive might disappear in favor of dnssec-policy. Does that mean that it might not be possible to do it manually anymore? source here => https://kb.isc.org/v1/docs/dnssec-key-and-signing-policy Regards, Adrien Le jeu. 9 févr. 2023 à 10:35, Mark Andrews <ma...@isc.org> a écrit : > You configure parental agents and named will check which DS’s are > published. Named won’t complete the > roll until it knows the new DS is published. > > > On 9 Feb 2023, at 19:49, Nick Tait via bind-users < > bind-users@lists.isc.org> wrote: > > > > On 9/02/23 05:17, adrien sipasseuth wrote: > >> so it works BUT I need to know more than 48h in advance that the > rollover is starting to submit the new KSK to my registar. > >> > >> How can I set this up if it's not with "public-safety"? > > If it was me, I'd set the KSK to not roll-over automatically, and > instead create a recurring reminder for yourself to initiate the KSK > roll-over manually? That way you'd never get caught out with a KSK > roll-over happening when you weren't prepared for it? > > -- > > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
