[Opendnssec-user] single KSK, multiple ZSKs
fromme at tralios.de
Tue Sep 13 14:30:41 UTC 2016
I am currently trying to set up OpenDNSSEC 2.0.1 wanting to use a single
KSK to sign the ZSKs of multiple zones.
Having not found any information on
https://wiki.opendnssec.org/display/DOCS20/OpenDNSSEC, I'd be glad if
somebody could provide me with a way to do this. Each zone file should
be signed with its own ZSK, yet all ZSKs should be signed by a single
KSK. What configuration steps are necessary to prevent OpenDNSSEC from
generating an entirely new ZSK/KSK key-pair each time?
The possibility to do so seems to be a new feature of the recent 2.0
version so looking at the older (but much more detailed) documentation
did not help.
Thanks a lot!
More information about the Opendnssec-user