Re: Updating a DNSSEC config to use a different algorithm

2021-02-03 Thread Matthijs Mekking
Hi,

On 02-02-2021 18:16, @lbutlr wrote:
> On 02 Feb 2021, at 07:36, Matthijs Mekking wrote:
>> If the PDF is not working for you, perhaps https://bind9.readthedocs.io/ suits you better?
>
> The PDF works fine, and I can search for "dnssec" and "policy" but it is using some emdash or similar

Re: Updating a DNSSEC config to use a different algorithm

2021-02-02 Thread @lbutlr
On 02 Feb 2021, at 07:36, Matthijs Mekking wrote:
> If the PDF is not working for you, perhaps https://bind9.readthedocs.io/
> suits you better?

The PDF works fine, and I can search for "dnssec" and "policy" but it is using some emdash or similar character for the - in between which makes

Re: Updating a DNSSEC config to use a different algorithm

2021-02-02 Thread Matthijs Mekking
On 02-02-2021 14:40, @lbutlr wrote:
> On 02 Feb 2021, at 02:23, Matthijs Mekking wrote:
>> 1. Create a dnssec-policy that matches your current keys (so in your case algorithm 7, also make sure you use the same length).
>>
>> So I guess something like:
>>
>> dnssec-policy alg13-ksk-unlimited-zsk-60day

Re: Updating a DNSSEC config to use a different algorithm

2021-02-02 Thread @lbutlr
On 02 Feb 2021, at 02:23, Matthijs Mekking wrote:
> 1. Create a dnssec-policy that matches your current keys (so in your case
> algorithm 7, also make sure you use the same length).
>
> So I guess something like:
>
> dnssec-policy alg13-ksk-unlimited-zsk-60day {
> keys {
>

Re: Updating a DNSSEC config to use a different algorithm

2021-02-02 Thread Matthijs Mekking
On 01-02-2021 17:34, @lbutlr wrote:
> On 01 Feb 2021, at 07:14, Matthijs Mekking wrote:
>> Depends on what your DNSSEC configuration is. Are you using dnssec-signzone/named? auto-dnssec maintain? inline-signing? dnssec-policy? dnssec-keymgr?
>
> These are all good questions, and when I set this up

Re: Updating a DNSSEC config to use a different algorithm

2021-02-01 Thread Mal via bind-users
On 02/02/2021 12:10 am, @lbutlr wrote:
> I've been using alg-7 for DNS, but that is no longer recommended. How
> difficult is it to change the signing algorithm and what is the process (Bind
> 9.16.11)?

I migrated recently from Alg8 to Alg13, no drama.. My registry does not have a user

Re: Updating a DNSSEC config to use a different algorithm

2021-02-01 Thread @lbutlr
On 01 Feb 2021, at 07:14, Matthijs Mekking wrote:
> Depends on what your DNSSEC configuration is. Are you using
> dnssec-signzone/named? auto-dnssec maintain? inline-signing? dnssec-policy?
> dnssec-keymgr?

These are all good questions, and when I set this up I could have answered with some

Re: Updating a DNSSEC config to use a different algorithm

2021-02-01 Thread Matthijs Mekking
Hi, Depends on what your DNSSEC configuration is. Are you using dnssec-signzone/named? auto-dnssec maintain? inline-signing? dnssec-policy? dnssec-keymgr? Yes there are a lot of ways to maintain DNSSEC in BIND. The recommended way forward is to use dnssec-policy. Migrating to it may still

Updating a DNSSEC config to use a different algorithm

2021-02-01 Thread @lbutlr
I've been using alg-7 for DNS, but that is no longer recommended. How difficult is it to change the signing algorithm and what is the process (Bind 9.16.11)?

--
"He raised his hammer defiantly and opened his mouth to say, "Oh, yeah?" but stopped, because just by his ear he heard a