[Opendnssec-user] single KSK, multiple ZSKs
yuri at nlnetlabs.nl
Tue Sep 13 20:54:28 UTC 2016
> Each zone file should
> be signed with its own ZSK, yet all ZSKs should be signed by a single
> KSK. What configuration steps are necessary to prevent OpenDNSSEC from
> generating an entirely new ZSK/KSK key-pair each time?
There is the <ShareKeys/> element in the <Keys> section as was there in
ODS 1.4. And it behaves mostly the same: both KSK ans ZSK will be
shared. So it does not match your requirements.
If you don't mind me asking, what are your motivations for not sharing
ZSKs as well?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 163 bytes
Desc: OpenPGP digital signature
More information about the Opendnssec-user