Copy: [email protected] (Klaus Darilion)
Copy: [email protected]
On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann <[email protected]> wrote:

> On 09.07.20 11:51, Klaus Darilion wrote:
> >>> So, how is the correct process to add an additional DNSKEY (only the public
> >>> key is known).
> >>
> >> I think you are looking for `dnssec-importkey`.
> >
> > Indeed. I imported the key and got a .key and .private file. I put those
> > files in the same directory as the other keys, gave read permissions to
> > bind and executed:
> > rndc loadkeys myzone
> > rndc sign myzone
> >
> > But the additional key is not added to the response of DNSKEY queries.
>
> Does the key have correct timing metadata in the key file?
> Have a look at "dnssec-settime".

You can also set the timing metadata with dnssec-importkey itself (so that
you don't have to separately run dnssec-settime), e.g. to activate key 5 minutes from now:

    dnssec-importkey -P +5mi -K Kexample.com.+013+23941.key

Shumon.
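
Added example, not part of the thread and not BIND code: a small Python check that reads the timing-metadata comment lines from a K*.key file and reports whether the Publish/Delete times allow the key into the DNSKEY RRset at a given moment. It assumes a key with no Publish time is not included in the zone, as the replies above suggest; the function names and both sample key files are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Timing metadata is stored as comment lines in the K*.key file, e.g.
# "; Publish: 20200709104900 (Thu Jul  9 10:49:00 2020)"; stamps are UTC.
META_RE = re.compile(
    r"^;\s*(Created|Publish|Activate|Revoke|Inactive|Delete):\s*(\d{14})\b")

def parse_timing(key_text):
    """Return {field: aware UTC datetime} for each timing comment found."""
    times = {}
    for line in key_text.splitlines():
        m = META_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m.group(2), "%Y%m%d%H%M%S")
            times[m.group(1)] = stamp.replace(tzinfo=timezone.utc)
    return times

def publish_status(key_text, now):
    """Say whether the metadata lets the key into the DNSKEY RRset at `now`."""
    t = parse_timing(key_text)
    if "Publish" not in t:
        # Assumption: no Publish time means the key is never added.
        return "not-published: no Publish time set"
    if now < t["Publish"]:
        return "not-published: Publish time is in the future"
    if "Delete" in t and now >= t["Delete"]:
        return "not-published: Delete time has passed"
    return "published"

# Constructed samples; the key data is a placeholder, not a real key.
NO_PUBLISH = """\
; This is a zone-signing key, keyid 23941, for example.com.
; Created: 20200709104400 (Thu Jul  9 10:44:00 2020)
example.com. IN DNSKEY 256 3 13 PLACEHOLDER+KEY+DATA==
"""
WITH_PUBLISH = """\
; This is a zone-signing key, keyid 23941, for example.com.
; Created: 20200709104400 (Thu Jul  9 10:44:00 2020)
; Publish: 20200709104900 (Thu Jul  9 10:49:00 2020)
example.com. IN DNSKEY 256 3 13 PLACEHOLDER+KEY+DATA==
"""

if __name__ == "__main__":
    now = datetime(2020, 7, 9, 10, 46, tzinfo=timezone.utc)
    for name, text in (("no Publish", NO_PUBLISH), ("with Publish", WITH_PUBLISH)):
        print(name, "->", publish_status(text, now))
```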