On 09.05.2017 at 06:52, Gordon Messmer wrote:
>> You might also want to take a look at the dnssec-keymgr utility:
>> https://ftp.isc.org/isc/bind9/9.11.1/doc/arm/man.dnssec-keymgr.html
>
> That looks great. Red Hat is shipping bind 9.9, so I hadn't seen it.
> I'd imagine it doesn't actually dep
On 05/08/2017 03:22 AM, Tony Finch wrote:
Gordon Messmer wrote:
After new keys are introduced, and after the old key has expired,
Wait right there!
dnssec-settimes has two times that are usually relevant to the old key
when rolling keys: the retire time and the delete time. (There's also a
re
Gordon Messmer wrote:
>
> After new keys are introduced, and after the old key has expired,
Wait right there!
dnssec-settimes has two times that are usually relevant to the old key
when rolling keys: the retire time and the delete time. (There's also a
revocation time but we don't need to worry
I'm working on a script that automatically renews DNS keys:
https://bitbucket.org/gordonmessmer/update-dns-keys/src
After new keys are introduced, and after the old key has expired, the
old keys are removed (at job, lines 122 and 123). When the expired keys
are removed from the filesystem, na