On 12 Sep 2012, at 23:19, Paul Wouters wrote: > > Hi, > > I'm looking at telling opendnssec to sign the DNSKEY RRset with both the > ZSK and KSK. > > The documentation at https://wiki.opendnssec.org/display/DOCS/signconf.xml > tells me to add "<ZSK/>" to the Keys section for the 257 flags. This did > not seem to work for me.
> However, this file is generated based on other xml files. Yeah - the enforcer will overwrite any user changes to these files so this isn't the way to go (we document them just to help with debugging)... > Is there a way > to specify this via a policy option in kasp.xml? My understanding is that the current (1.3 and 1.4) enforcer does not support it in the policy (even if the signer could support it in principle in the signconf.xml) but that should change in 2.0. Sara. > > Paul > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
