Re: dnssec-signzone, dsset files and deleted KSK's

2012-08-03 Thread John Marshall
On 03/08/2012 18:00, John Marshall wrote:
> On 03/08/2012 09:28, John Marshall wrote:
>> The behaviour of the dsset file generation appears to be unaffected by
>> the smart signing switch (-S). The generated dsset file includes all
>> KSK's found in the key repository (-K) irrespective of any timin

Re: dnssec-signzone, dsset files and deleted KSK's

2012-08-03 Thread John Marshall
On 03/08/2012 09:28, John Marshall wrote:
> The behaviour of the dsset file generation appears to be unaffected by
> the smart signing switch (-S). The generated dsset file includes all
> KSK's found in the key repository (-K) irrespective of any timing
> metadata (e.g. deleted). The dnssec-settime

dnssec-signzone, dsset files and deleted KSK's

2012-08-02 Thread John Marshall
Context: BIND 9.8.3-P2

If dnssec-signzone is invoked with -S (smart signing), it examines keys in the key repository directory (-K) and selects only current keys for inclusion in the zone. That works well. It also generates DS records for the parent zone and lands them in a dsset file in (-d). Th