On Mon, 4 Jun 2012, Matthijs Mekking wrote:

> What does the signconf file for nohats.ca and the other zone look like?

Attached the nohats.ca one. The zone is stock default, e.g.:

        <Zone name="nohats.ca">
                <Policy>default</Policy>
                <SignerConfiguration>/var/opendnssec/signconf/nohats.ca.xml</SignerConfiguration>
                <Adapters>
                        <Input>
                                <File>/etc/nsd/nohats.ca</File>
                        </Input>
                        <Output>
                                <File>/var/opendnssec/signed/nohats.ca</File>
                        </Output>
                </Adapters>
        </Zone>

The policy "default" is also stock.

Paul
<SignerConfiguration>
	<Zone name="nohats.ca">
		<Signatures>
			<Resign>PT7200S</Resign>
			<Refresh>PT604800S</Refresh>
			<Validity>
				<Default>PT1209600S</Default>
				<Denial>PT1209600S</Denial>
			</Validity>
			<Jitter>PT43200S</Jitter>
			<InceptionOffset>PT3600S</InceptionOffset>
		</Signatures>

		<Denial>
			<NSEC3>
				<Hash>
					<Algorithm>1</Algorithm>
					<Iterations>5</Iterations>
					<Salt>715e22f77cc2f0d7</Salt>
				</Hash>
			</NSEC3>
		</Denial>

		<Keys>
			<TTL>PT3600S</TTL>
			<Key>
				<Flags>257</Flags>
				<Algorithm>8</Algorithm>
				<Locator>095e4736b9eb593b2fe83f9aa876412d</Locator>
				<KSK />
				<Publish />
			</Key>

			<Key>
				<Flags>256</Flags>
				<Algorithm>8</Algorithm>
				<Locator>1c3bfb14fed753656fbdc7ed77bcca7b</Locator>
				<Publish />
			</Key>

		</Keys>

		<SOA>
			<TTL>PT3600S</TTL>
			<Minimum>PT3600S</Minimum>
			<Serial>unixtime</Serial>
		</SOA>
	</Zone>
</SignerConfiguration>
_______________________________________________
Opendnssec-user mailing list
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user