Manual steps?
* Generate keys (dnssec-keygen)
* Set appropriate Publish and Activation times with the arguments
* Set appropriate de-activation and removal times on existing keys
(dnssec-settime)
BIND should do the rest. You can use rndc loadkeys <zone> to hurry up the
automation a little bit, but there’s really not much to it.
You might want to have a read through https://kb.isc.org/docs/aa-00822 for some
more details on the concepts involved, and https://kb.isc.org/docs/aa-00711 for
more inline-signing specific steps.
Stuart
From: bind-users <[email protected]> on behalf of rams
<[email protected]>
Date: Wednesday, 28 October 2020 at 7:47 pm
To: bind-users <[email protected]>
Subject: Key rollover for inline signing zones
Notice: This email is from an external sender.
Hi,
Can anyone share the steps and commands for key rollover for inline signing
zones in bind by manual/auto.
Regards,
Ramesh
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
