On Wednesday 21 February 2024 at 09:27 +0100, Daniel Salzman via knot-dns-users wrote:
> Hi Bastien,
> What's the Knot version and your signing policy configuration?

Hello,

I'm using the current version (3.3.4-cznic.1~bookworm).

The policy I use for the affected zones is this one:

policy:
  - id: default_hsm
    keystore: nitrokey
    algorithm: ECDSAP384SHA384
    ksk-size: 384
    zsk-size: 384
    nsec3: on
    nsec3-salt-lifetime: 4d
    ksk-submission: validating-resolver
    nsec3-iterations: 0

keystore:
  - id: nitrokey
    backend: pkcs11
    config: "pkcs11:pin-value=x /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"

Regards,
--
Bastien