RE: DNSSEC Signing & Key Questions

2011-10-04 Thread Marc Lampo
Hello, For 3) automate zone signing and zsk roll-over I know of no tools that are readily available - there are appliances (look in the IPAM world of products), that handle DNSSEC for you. However, I have in our “DNSSEC workshop” course environment a setup that looks at time stamps of Linux

Re: DNSSEC Signing & Key Questions

2011-10-04 Thread Mark Elkins
Played with OpenDNSSEC - and was a bit disappointed. Actually flew to Sweden and attended the course. It works - but acts like a black box - you don't have any finger-poking ability when things go wrong (for fun - we deleted a key out of the HSM - bad idea!). I don't like having to run everything D

Re: DNSSEC Signing & Key Questions

2011-10-04 Thread Tony Finch
McConville, Kevin wrote:
>
> 1) Is there any way to have the zsk be auto-generated based upon the
> inactive date listed in the zsk meta-data?

Not yet, though I believe this feature is on the wish list.

> 2) With a static zone, are the update-policy local and auto-dnssec
> maintain options inv