AW: AW: How to prepublish additional DNSKEY

2020-07-15 Thread Klaus Darilion
Thanks - now it works. Klaus Von: Shumon Huque Gesendet: Donnerstag, 9. Juli 2020 13:44 An: Daniel Stirnimann Cc: Klaus Darilion ; bind-users@lists.isc.org Betreff: Re: AW: How to prepublish additional DNSKEY On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann mailto:daniel.stirnim...@switch.ch

Re: AW: How to prepublish additional DNSKEY

2020-07-09 Thread Shumon Huque
On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann < daniel.stirnim...@switch.ch> wrote: > > On 09.07.20 11:51, Klaus Darilion wrote: > >>> So, how is the correct process to add an additional DNSKEY (only the > public > >> key is known). > >> > >> I think you are looking for `dnssec-importkey`. > >

Re: AW: How to prepublish additional DNSKEY

2020-07-09 Thread Daniel Stirnimann
On 09.07.20 11:51, Klaus Darilion wrote: >>> So, how is the correct process to add an additional DNSKEY (only the public >> key is known). >> >> I think you are looking for `dnssec-importkey`. > > Indeed. I imported the key and got a .key and .private file. I put those > files in the same direc

AW: How to prepublish additional DNSKEY

2020-07-09 Thread Klaus Darilion
> > So, how is the correct process to add an additional DNSKEY (only the public > key is known). > > I think you are looking for `dnssec-importkey`. Indeed. I imported the key and got a .key and .private file. I put those files in the same directory as the other keys, gave read permissions to bi

Re: How to prepublish additional DNSKEY

2020-07-08 Thread Shumon Huque
On Wed, Jul 8, 2020 at 11:33 AM Tony Finch wrote: > Klaus Darilion wrote: > > > > A signed zone shall be moved to another DNS provider. Hence I want to > > add the public KSK of the gaining DNS provider as additional DNSKEY to > > the zone. > > I guess you might already have seen this draft - it

Re: How to prepublish additional DNSKEY

2020-07-08 Thread Tony Finch
Klaus Darilion wrote: > > A signed zone shall be moved to another DNS provider. Hence I want to > add the public KSK of the gaining DNS provider as additional DNSKEY to > the zone. I guess you might already have seen this draft - it discusses long-term multi-provider setups rather than transition

How to prepublish additional DNSKEY

2020-07-08 Thread Klaus Darilion
Hello all! A signed zone shall be moved to another DNS provider. Hence I want to add the public KSK of the gaining DNS provider as additional DNSKEY to the zone. My setup ist: Bind1 as hidden primary --> Bind2 as bump-in-the-wire signer -> public facing secondaries I tried to add the DNSKEY t