Re: DNSSEC Keys - and trying to not leaving them around

2011-01-12 Thread Torinthiel
On 01/12/11 16:07, Mark Elkins wrote:
>---
>
> So now I want to re-sign the zone. It's already signed. How can I do that
> without having to have the Private KSK still around? I'd have thought
> that I'd just perhaps need the Private ZSK around to re-sign

DNSSEC Keys - and trying to not leaving them around

2011-01-12 Thread Mark Elkins
There are some parts of Key management with DNSSEC that I don't quite get - so I'm hoping for some feedback. I'm using BIND 9.7.2-P3 and running "dnssec-signzone -3 "abcd" -o example.com -p -t -A example.com"

I believe that:-
1 - The KSK is used to sign the ZSK.
2 - The ZSK is used to sign the re