Hi Thomas,
Your policy requests four keys in two algorithms: rsasha1 and
ecdsap256sha256. The keys that are being retired are of algorithm
rsasha256. Because the existing algorithms don't match the policy, they
are being retired.
In other words, it doesn't look like the existing keys were of

Howdy,
I have a domain which is being signed automatically using auto-dnssec on an
older bind9, it uses RSASHA1 keys. Now the registry requires us to move to a
more secure algorithm. Therefore I updated bind to bind9.16.6. Now I could
switch to dnssec-policy, however if I change the algorithm,