On Dec 8, 2009, at 2:03 AM, xu dong wrote: > Hi folks, i have a question about signing zone files with the ksk and the > zsk, as i know,when signing the zone files i have to use the ksk and zsk > both,just as following: > > dnssec-signzone -o domain-name -t -k KSK zone-name ZSK > but i want to sign the ZSK with KSK first,and then sign the zone files with > zsk,so how can i do?
Why do you want to sign with one key at a time? The default behavior is to sign just the dnskey RRSet with the KSK, and to sign the whole zone with the ZSK, all in one go. Chris Buxton Professional Services Men & Mice _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users