Key rollover for inline signing zones

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Key rollover for inline signing zones

rams
Hi,
Can anyone share the steps and commands for key rollover for inline signing zones in bind by manual/auto.

Regards,
Ramesh

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Key rollover for inline signing zones

Stuart@registry.godaddy

Manual steps?

 

  • Generate keys (dnssec-keygen)
    • Set appropriate Publish and Activation times with the arguments
  • Set appropriate de-activation and removal times on existing keys (dnssec-settime)

 

BIND should do the rest. You can use rndc loadkeys <zone> to hurry up the automation a little bit, but there’s really not much to it.

 

You might want to have a read through https://kb.isc.org/docs/aa-00822 for some more details on the concepts involved, and https://kb.isc.org/docs/aa-00711 for more inline-signing specific steps.

 

Stuart

 

From: bind-users <[hidden email]> on behalf of rams <[hidden email]>
Date: Wednesday, 28 October 2020 at 7:47 pm
To: bind-users <[hidden email]>
Subject: Key rollover for inline signing zones

 

Notice: This email is from an external sender.

 

Hi,

Can anyone share the steps and commands for key rollover for inline signing zones in bind by manual/auto.

 

Regards,

Ramesh


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users