DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

Greetings! I have what is hopefully a simple question regarding proper setup around DNS. I feel somewhat comfortable navigating around BIND but possibly am getting confused around the DNSSEC portion. This is for an internally facing DNS, not exposed to the internet. High level setup is as foll

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

j Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 8. 2. 2024, at 20:56, Jordan Larson via bind-users > wrote: > > Greetings! > I have what is hopefully a simple

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

Please do not feel obligated to reply outside your normal working hours. > On 8. 2. 2024, at 20:56, Jordan Larson via bind-users > wrote: > > Greetings! > I have what is hopefully a simple question regarding proper setup around > DNS. I feel somewhat comfortable navigating

Re: DNSSEC setup for stealth master and multi slave/recursive - Multiple DS keys?

ot; wrote: Jordan Larson via bind-users wrote: > Was I wrong to enable “inline-signing yes” for my slave zones? I would assume > each slave would need its own DS key? Can I do that? That sounds very wrong. Your zone shall have one DNSsec key, or set of keys, that is the same on all slave servers