Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNSSEC single KSK multiple domains

Status
Not open for further replies.

thenob

IS-IT--Management
Oct 13, 2010
1
BE
2 off our registry support now the option to use keygroups.
In this keygroup there is 1 KSK (possible a second third for key rollover), which can be used for multiple domains.
This is very handy because we can now register new domains and make them secure right away.

Every domain/zone has a separate ZSK, and uses the same KSK (which is known at the registry)

Problem, when signing a zone with the specific ZSK and the general KSK we get:
fatal: key K..... not at origin

We use this command
dnssec-signzone \
-k Kgeneral.+008+12345.key \
-o mydomain.be \
myzonefile \
/var/named/sleutels/Kmyzone.+008+40246.key

Any suggestions?
(I contacted the registry more then a week ago, but still no answer there)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top