[Opendnssec-user] Keys Generation.

Rickard Bellgrim rickard at opendnssec.org
Tue Jul 12 13:14:13 UTC 2011

On Tue, Jul 12, 2011 at 3:06 PM, Bryton <bryton at tznic.or.tz> wrote:
> I would like to know If I am signing more than one zone in a single server
> having opendnssec do I need to generate keys everytime I sign a different
> zone?

The key generation will be done automatically by the Enforcer, unless
you set the flag ManualKeyGeneration in conf.xml.

> Example If I have 5 zones and I want to sign all my zones.Do I need to
> generate keys 5 times or I will just use the same keys I generated once and
> sign all the five zone?

The default policy do not share keys between zones. But if you set
<ShareKeys/> in your policy, then they will.

// Rickard

More information about the Opendnssec-user mailing list