> "rndc signing -nsec3param" can change your salt. Specifying "auto"
> as the salt causes named to generate a salt at random.
I forgot to mention that the "auto" feature is new in 9.10, not in
older versions.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28.07.14 19:09 Evan Hunt wrote:
> On Mon, Jul 28, 2014 at 06:16:13PM +0200, Johannes Kastl wrote:
>> So basically BIND cannot do that for me, each time it does a key
>> rollover. That's what I wanted to know.
>
> "rndc signing -nsec3param" can ch
On Mon, Jul 28, 2014 at 06:16:13PM +0200, Johannes Kastl wrote:
> > In the same cron job, it is then possible to create a new NSEC3
> > salt and inject that into the zone.
>
> So basically BIND cannot do that for me, each time it does a key
> rollover. That's what I wanted to know.
"rndc signing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Carsten and all,
sorry for the late reply.
On 24.07.14 19:53 Carsten Strotmann wrote:
> I'm not aware that BIND 9 can do a ZSK rollover all on its own, it
> is however possible to set the timing values on the ZSK key files
> in a away that BIND 9
4 matches
Mail list logo