[ldns-users] how to use ldns-signzone with many KSK
Dmitriy Demidov
dima_bsd at inbox.lv
Sun Apr 5 17:19:04 UTC 2009
Hi list.
I'm playing with ldns-signzone. I have a question about its functionality -
is it possible to use two or more key signing keys (KSK) and one zone signing
key (ZSK) in the zone signing process?
For example, dnssec-signzone has this functionality by using the -k switch:
http://www.nlnetlabs.nl./publications/dnssec_howto/#x1-430004.5
dnssec-signzone -k Kexample.com.+005+54915.key \
    -k Kexample.com.+005+06456.key -o example.com \
    db.example.com \
    Kexample.com.+005+64700
where Kexample.com.+005+54915.key and Kexample.com.+005+06456.key are the KSKs, and
Kexample.com.+005+64700 is the ZSK.
Right now I have only figured out how to sign a zone using one KSK and one ZSK:
ldns-signzone -n -o example.net example.net Kexample.net.+005+05671 Kexample.net.+005+48435
where Kexample.net.+005+05671 is the KSK, and Kexample.net.+005+48435 is the ZSK.
Is it possible to use two KSKs with ldns-signzone? How?
$ ldns-signzone -vV
zone signer version 1.5.1 (ldns version 1.5.1)
Thanks.