How to generate ZSK key with one year valid

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How to generate ZSK key with one year valid

rams
Hi,
Can anyone help me how to generate ZSK key with one year validity?
When I am trying , it is default 30 days validity but i want to make ZSK key validity 1 year. Is it possible in bind?

Regards,
Ramesh

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How to generate ZSK key with one year valid

Ed Daniel
On 13/11/2020 13:08, rams wrote:
> Hi,
> Can anyone help me how to generate ZSK key with one year validity?
> When I am trying , it is default 30 days validity but i want to make ZSK
> key validity 1 year. Is it possible in bind?
>
> Regards,
> Ramesh

Hi Ramesh,

Are you using the CLI-based tool dnssec-keygen ?

dnssec-keygen
https://linux.die.net/man/8/dnssec-keygen


Timing Options
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the
argument begins with a '+' or '-', it is interpreted as an offset from
the present time. For convenience, if such an offset is followed by one
of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is
computed in years (defined as 365 24-hour days, ignoring leap years),
months (defined as 30 24-hour days), weeks, days, hours, or minutes,
respectively. Without a suffix, the offset is computed in seconds.

-R date/offset
Sets the date on which the key is to be revoked. After that date, the
key will be flagged as revoked. It will be included in the zone and will
be used to sign it.

HTH,
esdaniel
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How to generate ZSK key with one year valid

Ondřej Surý
In reply to this post by rams
Ramesh,

DNSKEY records doesn’t have validity (only the metadata do), so perhaps it would be a good time to describe what you are doing, what you are expecting and what you are experiencing.

Letting us guessing all of these is waste of our and your time and it is bit disrespectful to anybody willing to help you.

Ondrej
--
Ondřej Surý — ISC (He/Him)

> On 13. 11. 2020, at 14:08, rams <[hidden email]> wrote:
>
> 
> Hi,
> Can anyone help me how to generate ZSK key with one year validity?
> When I am trying , it is default 30 days validity but i want to make ZSK key validity 1 year. Is it possible in bind?
>
> Regards,
> Ramesh
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users