Hi,
If you want to switch to KASP with the a different algorithm, you should
be able to use BIND 9.16.2 and just reconfigure your zone to use
"dnssec-policy". The existing keys will be removed in a timely manner,
while named creates new keys with the new algorithm.
Make sure you will submit
I just did the same operation in our BIND servers, converted all DNSSEC enabled
zones with different algorithms to KASP/dnssec-policy and ecdsa256/13.
All I did was replaced the two lines in named.conf:
inline-signing yes;
auto-dnssec maintain;
to
dnssec-policy "ecdsa256";
And of
2 matches
Mail list logo
