Re: Questions about automatic KSK and using an additional stand-by KSK

2025-03-05 Thread Bernd Naumann
Hey again! On 03.03.25 3:18 PM, Matthijs Mekking wrote: > Hi Bernd, > > Sorry for taking a long time to answer these questions: > No worries, I had/have no time pressure. >> 1) Timing Options: >> >> I hadn't grasped yet all the defaults and their calculated interaction >> when I let `bind9` ma

Re: Questions about automatic KSK and using an additional stand-by KSK

2025-02-25 Thread Bernd Naumann
On 24.02.25 9:47 AM, Matthijs Mekking wrote: > Hi Bernd, > Hey Matthijs, Why not let us start all over again :) (I really do thank you so much for taking the time!) > Non-signing keys (for example a stand-by key) are a bit tricky in > dnssec-policy and not fully supported. > > In 9.18, I woul

Re: Questions about automatic KSK and using an additional stand-by KSK

2025-02-24 Thread Bernd Naumann
On 24.02.25 11:51 AM, Bernd Naumann wrote: > > Mhm. But *how* is *everyone else* using DNSSEC then? > https://www.ripe.net/manage-ips-and-asns/dns/dnssec/dnssec-policy-and-practice-statement/#DNSSECPolicyandPracticeStatement-KeySigningKeyRoll-over Does someone know any other go

Re: Questions about automatic KSK and using an additional stand-by KSK

2025-02-24 Thread Bernd Naumann
On 24.02.25 11:22 AM, Matthijs Mekking wrote: >> But what I don't understand; RFC 7583 explicitly mentioned pre-publish of >> DSDATA of ZSK, but not for KSK (IIUC)? > > And I am confused about the phrase "DSDATA of ZSK". Sorry, I'm not fully confident yet about the wording here and there... I thing

Re: Questions about automatic KSK and using an additional stand-by KSK

2025-02-24 Thread Bernd Naumann
new auto generated key got auto added to trust-anchors?) I've added my KSK to the trust-anchor as initial-key and `rndc managed-keys` picked that up... (Btw: Can I change the 30-day delay till trust is established? Like to 1 day for testing purposes?) Thanks again, Bernd > Best regards, >

Re: Questions about automatic KSK and using an additional stand-by KSK

2025-02-22 Thread Bernd Naumann
RFC 7583: DNSSEC Key Rollover Timing Considerations [1] describes the various roll-over strategies and the key states... [1] https://www.rfc-editor.org/rfc/rfc7583.html

Questions about automatic KSK and using an additional stand-by KSK

2025-02-21 Thread Bernd Naumann
I've followed the ARM and the DNSSEC Guide, as well as some ISC KB blog posts. What I got working on BIND 9.18.33: * adding a dnssec-policy * adding a zone using that dnssec-policy - setting only SOA, NS, and the for NS for a minimal zone * reload zone I got a KSK and ZSK; the zone