On 03/10/2011 13:45, Torinthiel wrote:
> On 2011-10-01 11:40, Matthew Seaman wrote:
>> dnssec-signzone will grok all the built-in dates and do the right thing
>> when you sign the zone.
> BTW, how does dnssec-signzone behave when you pass -s option? Does it
> take into account that date when dete
On 2011-10-01 11:40, Matthew Seaman wrote:
The trick is to use dnssec-settime modify the dates built into your key
by dnssec-keygen. Or equivalently to use dnssec-keygen with appropriate
flags to set the 'Activate' date (not to mention Inactive and Delete)
some time in the future.
So --- this
On 10/01/2011 04:40 AM, Matthew Seaman wrote:
On 01/10/2011 09:25, CT wrote:
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key r
On 01/10/2011 09:25, CT wrote:
>
>> I have a few static zones that I sign via script
>> keydir = directory for both KSK and ZSK
>> $zone = zone file
>> /usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
>>
>>
>> Fetching KSK 4054/RSASHA256 from key repository.
>> Fetching ZSK
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK 653
I have a few static zones that I sign via script
keydir = directory for both KSK and ZSK
$zone = zone file
/usr/local/sbin/dnssec-signzone -S -g -a -H 10 -3 $SALT -K keydir $zone
Fetching KSK 4054/RSASHA256 from key repository.
Fetching ZSK 36948/RSASHA256 from key repository.
Fetching ZSK 65304
6 matches
Mail list logo
