[Opendnssec-user] NULL signing with 2.0?
Yuri Schaeffer
yuri at nlnetlabs.nl
Thu Oct 6 08:07:08 UTC 2016
> Yes, now supported. It has been called passthrough.
Indeed, also note this is distinct from
https://wiki.opendnssec.org/pages/viewpage.action?pageId=10125376#HowdoI...?-StopusingDNSSECforazone
Where the enforcer gracefully retracts all keys ans sigs. The signer
will strip all dnssec related records from the input zone. Passthrough
will leave the input zone untouched.
In the signconf this can be achieved with omitting the <ZSK> and <KSK>
sections.
//Yuri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 163 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20161006/6d07797a/attachment.bin>
More information about the Opendnssec-user
mailing list