[Opendnssec-user] Keys Generation.
Rickard Bellgrim
rickard at opendnssec.org
Tue Jul 12 13:14:13 UTC 2011
On Tue, Jul 12, 2011 at 3:06 PM, Bryton <bryton at tznic.or.tz> wrote:
> I would like to know If I am signing more than one zone in a single server
> having opendnssec do I need to generate keys everytime I sign a different
> zone?
The key generation will be done automatically by the Enforcer, unless
you set the flag ManualKeyGeneration in conf.xml.
> Example If I have 5 zones and I want to sign all my zones.Do I need to
> generate keys 5 times or I will just use the same keys I generated once and
> sign all the five zone?
The default policy do not share keys between zones. But if you set
<ShareKeys/> in your policy, then they will.
// Rickard
More information about the Opendnssec-user
mailing list