Hi,
No.
You don't need DNSSEC maintenance on your secondary zones if you already
have set it on your primary zones. So
zone "***" {
type secondary;
primaries { ***; };
file "***.db";
};
is enough.
Best regards,
Matthijs.
On 12/9/22 09:58, adrien sipasseuth wrote:
Hi
Hi Matthijs,
thank you, so just to confirm something like this should work :
Master :
dnssec-policy "test" {
keys {
ksk lifetime P3D algorithm rsasha256 2048;
zsk lifetime P2D algorithm rsasha256 1024;
};
};
zone "**" {
type master;
file
Hi Adrien,
You should **not** copy the dnssec-policy configuration to your
secondaries. They transfer in the signed zone from the primary server.
Best regards,
Matthijs
On 12/9/22 09:24, adrien sipasseuth wrote:
Hello,
Lokking for some guidance, sorry if i use the wrong way to contact
Hello,
Lokking for some guidance, sorry if i use the wrong way to contact community
user support.
I would like to set up DNSSEC using KASP.
I have an architecture with a master and several slaves.
Here is my policy and zone configuration:
dnssec-policy "test" {
keys {
ksk
4 matches
Mail list logo
