On 2011-10-01 11:40, Matthew Seaman wrote:
The trick is to use dnssec-settime modify the dates built into your key
by dnssec-keygen. Or equivalently to use dnssec-keygen with appropriate
flags to set the 'Activate' date (not to mention Inactive and Delete)
some time in the future.
So --- this
On 03/10/2011 13:45, Torinthiel wrote:
On 2011-10-01 11:40, Matthew Seaman wrote:
dnssec-signzone will grok all the built-in dates and do the right thing
when you sign the zone.
BTW, how does dnssec-signzone behave when you pass -s option? Does it
take into account that date when
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256
On 10/01/2011 04:40 AM, Matthew Seaman wrote:
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key
6 matches
Mail list logo