Re: KSK signing zone records

2021-09-02 Thread Timothy A. Holtzen via bind-users
Y
> key record (or you were unlucky enough for named to check the available keys
> while there was only one active key present) resulting in named overriding
> the policy in named.conf.
>
> Mark
>
>> On 1 Sep 2021, at 03:44, Timothy A. Holtzen via bind-users
>>

Re: KSK signing zone records

2021-08-31 Thread Timothy A. Holtzen via bind-users
I'm using Algorithm 8 RSA/SHA-256, and Algorithm 14 ECDSA/SHA-384. I have one RSA KSK and one RSA ZSK. In addition I have two ECDSA KSK and two ECDSA ZSK. The RSA KSK seems perfectly happy to sign the ECDSA ZSKs. And both the RSA and ECDSA ZSKs seem to be signing records correctly. It just se

KSK signing zone records

2021-08-30 Thread Timothy A. Holtzen via bind-users
I've had an issue with my key rotation process on a couple of zones.  I believe I've resolved that issue but it appears to me in several cases the KSKs rather than being used to sign the ZSK are being used to sign the zone records directly. https://dnsviz.net/d/testmenwu.com/dnssec/?rr=2&a=all&ds=