Using one key to sign multiple zones (aka key sharing)

Hello, I've tried to sign multiple zones using the same key. But it seems that currently Bind does not allow this. Is this a omission or by design ? I know OpenDNSSEC can do this, and IIRC there is nothing in the RFC's that disallow key sharing. Regards, Tim -- Tim Verhoeven - tim

Re: bind 9.7, dnssec and multiple key directories and resalt NSEC3

On Fri, Jun 4, 2010 at 1:18 PM, Phil Mayers wrote: > On 04/06/10 11:11, Tim Verhoeven wrote: >> >> I'm currently testing the automatic signing for DNSSEC present in Bind >> 9.7. I'm currently using Bind 9.7.0 and I have 2 questions. >> >> The first on

bind 9.7, dnssec and multiple key directories and resalt NSEC3

on. I've tried doing a resalt using dynamic updates but I can't get it to work. Just adding a new NSEC3PARAM RR crashes Bind and doing a delete and then a add (to replace the present RR) gives me a servfail but I see the updats in the log. What is the correct way to do a resalt when using