On Mon, May 20, 2019 at 10:56:33AM +0200, Bart Mortelmans wrote:
> If you're using MySQL backend, then I guess you could turn the cryptokeys
> table into a view that would return the same key for every domain name. But
> in general I think that would be bad practice and creating a new KEYSET for
>
Ok, thanks everyone for suggestions!
azur
Citát frank+pdns--- via Pdns-users :
Hi Azur,
Ha, indeed, it seems they did…
Best practise would still be to have a 1:1 relationship between a
keyset and a domain, so create a new keyset for every dnssec-domain.
If you do want to reuse your d
Hi Azur,
Ha, indeed, it seems they did…
Best practise would still be to have a 1:1 relationship between a keyset and a
domain, so create a new keyset for every dnssec-domain.
If you do want to reuse your dnssec keys, you have a few options:
- fiddle with the custom query options in pdns.conf t
Hi,
If you're using MySQL backend, then I guess you could turn the
cryptokeys table into a view that would return the same key for every
domain name. But in general I think that would be bad practice and
creating a new KEYSET for every domain name at the registry would be
preferable.
Bart
Hi Frank,
it's mandatory for .CZ domains, so if you don't sign every domain with
the same key, you need to register a KEYSET for every domain. So this
is what i'm trying to solve.
Citát frank+pdns--- via Pdns-users :
Hi Azur,
It’s possible to do so, by manipulating the database direc
Hi Azur,
It’s possible to do so, by manipulating the database directly (see the
cryptokeys table).
However, let’s take a step back: what problem are you trying to solve? As far
as I know, there’s not a single TLD where the use of KEYSETs is mandatory. Some
offer it as an extra feature, but I a
Hi,
while using DNSSEC, is it possible to use the same key for all
domains? This is needed for some TLDs, which are using KEYSET instead
of DS record. Thanks for info.
azur
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mail
