Using one key to sign multiple zones (aka key sharing)

2010-10-13 Thread Tim Verhoeven
Hello,

I've tried to sign multiple zones using the same key. But it seems
that currently BIND does not allow this. Is this an omission or by
design? I know OpenDNSSEC can do this, and IIRC there is nothing in
the RFCs that disallows key sharing.

Regards,
Tim

-- 
Tim Verhoeven - tim.verhoeven...@gmail.com - 0479 / 88 11 83

Hoping the problem  magically goes away  by ignoring it is the
microsoft approach to programming and should never be allowed.
(Linus Torvalds)
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: bind 9.7, dnssec and multiple key directories and resalt NSEC3

2010-06-04 Thread Tim Verhoeven
On Fri, Jun 4, 2010 at 1:18 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
> On 04/06/10 11:11, Tim Verhoeven wrote:
>
>> I'm currently testing the automatic signing for DNSSEC present in BIND
>> 9.7. I'm currently using BIND 9.7.0 and I have 2 questions.
>>
>> The first one, can I configure multiple key directories? The reasoning
>> for this is that I would like to separate the KSKs from the ZSKs.
>> And this to be able to not have the KSKs present all the time by
>> putting them on removable media. For the ZSKs I have no choice
>> since I will be doing dynamic updates.
>> Or are there other means to do this except from adding and removing
>> the KSKs when needed?
>
> Symlinks to the KSK in another directory?

A good one, why haven't I thought of that myself ;-)

Thanks,
Tim

-- 
Tim Verhoeven - tim.verhoeven...@gmail.com - 0479 / 88 11 83

Hoping the problem  magically goes away  by ignoring it is the
microsoft approach to programming and should never be allowed.
(Linus Torvalds)