Am 09.05.2017 um 06:52 schrieb Gordon Messmer:
>> You might also want to take a look at the dnssec-keymgr utility:
>> https://ftp.isc.org/isc/bind9/9.11.1/doc/arm/man.dnssec-keymgr.html
>
> That looks great. Red Hat is shipping bind 9.9, so I hadn't seen it.
> I'd imagine it doesn't actually dep
On 05/08/2017 03:22 AM, Tony Finch wrote:
Gordon Messmer wrote:
After new keys are introduced, and after the old key has expired,
Wait right there!
dnssec-settimes has two times that are usually relevant to the old key
when rolling keys: the retire time and the delete time. (There's also a
re
Gordon Messmer wrote:
>
> After new keys are introduced, and after the old key has expired,
Wait right there!
dnssec-settimes has two times that are usually relevant to the old key
when rolling keys: the retire time and the delete time. (There's also a
revocation time but we don't need to worry
3 matches
Mail list logo
