On 12/28/23 12:58, Adrian Zaugg wrote:
Hi Nick
Not changing the key algo does help indeed when introducing dnssec-policy, see
the log below. Thank you very much for pointing this out.
But I do not understand why BIND deletes valid and published keys, just
because there should be another algo us
Hi Nick
Not changing the key algo does help indeed when introducing dnssec-policy, see
the log below. Thank you very much for pointing this out.
But I do not understand why BIND deletes valid and published keys, just
because there should be another algo used. Couldn't this be done in a smooth
> On 28 Dec 2023, at 1:05 PM, Adrian Zaugg
> wrote:
>
> 2023-12-27 23:51:24: zone myzone.ch/IN (signed): reconfiguring zone keys
> 2023-12-27 23:51:24: keymgr: retire DNSKEY myzone.ch/ECDSAP256SHA256/14076
> (KSK)
> 2023-12-27 23:51:24: keymgr: retire DNSKEY myzone.ch/ECDSAP256SHA256/3654
> (Z
3 matches
Mail list logo
