[Opendnssec-user] what key's do i need to submit to Registar.
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Aug 25 10:34:28 UTC 2014
As I said it depends on which KSK-rollover method you are using.
OpenDNSSEC uses Double-Signature: (see
https://wiki.opendnssec.org/display/DOCS/Key+Rollovers).
Thus, it should be sufficient to have only the DS of the active KSK (on
the standby KSKs) in the parent zone.
regards
Klaus
On 25.08.2014 11:40, Bas van den Dikkenberg wrote:
> I plan to have 2 standby keys; as far as I understand I have to publish at least the active key and both the standby keys, right?
> What about those with status retired (not dead)?
>
> -----Original Message-----
> From: Klaus Darilion [mailto:klaus.mailinglists at pernau.at]
> Sent: Monday, 25 August 2014 11:08
> To: Bas van den Dikkenberg; Opendnssec-user at lists.opendnssec.org
> Subject: Re: [Opendnssec-user] what key's do i need to submit to Registar.
>
> On 23.08.2014 17:16, Bas van den Dikkenberg wrote:
>> Hi,
>>
>> A question about the key states: I am in the process of scripting the
>> updating of the KSK to my registrars.
>>
>> Does the output of ods-ksmutil key export -zone zome.tld provide me
>> the keys I need to publish to the registrar/TLD?
>>
>> Do retire and publish also need to be included?
>
> It depends on your KSK rollover method. See:
>
> http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-key-timing-04#section-2.2
>
> regards
> Klaus
>
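
An added example, not part of the thread and not OpenDNSSEC code: following the reply above that only the DS of the active KSK goes into the parent zone, this sketch filters a key inventory by state and derives the SHA-256 DS record (RFC 4034 / RFC 4509) to submit. The zone name `example.tld.`, the dict layout and the key bytes are constructed assumptions; a real script would fill the inventory from its own key export.

```python
import base64, hashlib, struct

def name_to_wire(name):
    """Owner name in canonical (lowercased) wire format, RFC 4034 section 6.2."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(key):
    """DNSKEY RDATA: flags (2 bytes), protocol 3, algorithm, then the raw public key."""
    return struct.pack("!HBB", key["flags"], 3, key["alg"]) + base64.b64decode(key["pub"])

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, RFC 4034 appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_record(zone, key):
    """DS with digest type 2 (SHA-256): hash of owner name + DNSKEY RDATA."""
    rdata = dnskey_rdata(key)
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest().upper()
    return f"{zone} IN DS {key_tag(rdata)} {key['alg']} 2 {digest}"

def ds_for_parent(zone, keys):
    """Only KSKs (flags 257, SEP bit set) in state 'active' get a DS at the parent."""
    return [ds_record(zone, k) for k in keys
            if k["flags"] == 257 and k["state"] == "active"]

# Constructed inventory: the key material is made-up bytes, not real keys,
# and the dict layout is an assumption, not ods-ksmutil output.
KEYS = [
    {"state": "active",  "flags": 257, "alg": 8, "pub": "AQID"},
    {"state": "publish", "flags": 257, "alg": 8, "pub": "BAUG"},
    {"state": "retire",  "flags": 257, "alg": 8, "pub": "BwgJ"},
    {"state": "active",  "flags": 256, "alg": 8, "pub": "CgsM"},  # ZSK, never a DS
]

if __name__ == "__main__":
    for line in ds_for_parent("example.tld.", KEYS):
        print(line)
```

Comparing the key tag and digest printed here with what the parent zone actually serves is a quick check that the registrar holds the DS of the key currently signing the DNSKEY set.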