On 12/21/2012 7:37 PM, Alan Clegg wrote:
On Dec 22, 2012, at 12:42 PM, Evan Hunt wrote:
By setting dnssec-dnskey-kskonly, you are telling it to use the KSK as
a(mother) ZSK.
You're thinking of "update-check-ksk". "dnssec-dnskey-kskonly" tells
named not to use the ZSK when it signs the DNSKEY
On 12/21/2012 6:42 PM, Evan Hunt wrote:
By setting dnssec-dnskey-kskonly, you are telling it to use the KSK as
a(mother) ZSK.
You're thinking of "update-check-ksk". "dnssec-dnskey-kskonly" tells
named not to use the ZSK when it signs the DNSKEY RRset, but it should
still use the ZSK (and not th
On 12/21/2012 3:56 PM, Alan Clegg wrote:
On Dec 22, 2012, at 9:52 AM, Kyle Brantley wrote:
# named.conf
options {
[...]
dnssec-enable yes;
dnssec-validation yes;
dnssec-secure-to-insecure yes;
dnssec-dnskey-kskonly yes;
}
By setting dnssec-dnskey-kskonly, you are telling
I've generated a KSK as well as a ZSK and configured bind to maintain
the keys.
# named.conf
options {
[...]
dnssec-enable yes;
dnssec-validation yes;
dnssec-secure-to-insecure yes;
dnssec-dnskey-kskonly yes;
}
[...]
zone "averageurl.com." IN {
type master;
4 matches
Mail list logo
