Discussion:
[Opendnssec-user] single KSK, multiple ZSKs
Simon Fromme
2016-09-13 14:30:41 UTC
Hello,

I am currently trying to set up OpenDNSSEC 2.0.1 wanting to use a single
KSK to sign the ZSKs of multiple zones.

Having not found any information on
https://wiki.opendnssec.org/display/DOCS20/OpenDNSSEC, I'd be glad if
somebody could provide me with a way to do this. Each zone file should
be signed with its own ZSK, yet all ZSKs should be signed by a single
KSK. What configuration steps are necessary to prevent OpenDNSSEC from
generating an entirely new ZSK/KSK key-pair each time?

The possibility to do so seems to be a new feature of the recent 2.0
version so looking at the older (but much more detailed) documentation
did not help.

Thanks a lot!
Simon
Yuri Schaeffer
2016-09-13 20:54:28 UTC
Hi Simon,
Post by Simon Fromme
Each zone file should
be signed with its own ZSK, yet all ZSKs should be signed by a single
KSK. What configuration steps are necessary to prevent OpenDNSSEC from
generating an entirely new ZSK/KSK key-pair each time?
There is the <ShareKeys/> element in the <Keys> section as was there in
ODS 1.4. And it behaves mostly the same: both KSK and ZSK will be
shared. So it does not match your requirements.

If you don't mind me asking, what are your motivations for not sharing
ZSKs as well?

Regards,
Yuri
