Hi Simon, > Each zone file should > be signed with its own ZSK, yet all ZSKs should be signed by a single > KSK. What configuration steps are necessary to prevent OpenDNSSEC from > generating an entirely new ZSK/KSK key-pair each time?
There is the <ShareKeys/> element in the <Keys> section as was there in ODS 1.4. And it behaves mostly the same: both KSK ans ZSK will be shared. So it does not match your requirements. If you don't mind me asking, what are your motivations for not sharing ZSKs as well? Regards, Yuri
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
