Hi Daniel,
Would it be possible to activate more than one algorithm in a policy?
If not, how hard would it be to include that functionality?
Because for some reason a lot of ISP resolvers support RSA only while I
would like to future-proof my zone with ED25519 at the same time.
Cheers,
Stefan
Am Do., 22. Juli 2021 um 19:56 Uhr schrieb Daniel Salzman <
daniel.salzman(a)nic.cz>gt;:
Hi Stefan,
I'm sorry, it's not possible to configure more DNSSEC policies (more
algorithms) per one zone at the same time.
Maybe, with the manual key management and more configuration files when
generating keys via keymgr, it could work somehow. But I'm not sure and
probably it's not what you are looking for :-)
Daniel
On 22. 07. 21 16:55, Schindler, Stefan wrote:
Hi all
I am currently running these two policies:
```
policy:
- id: edecc
algorithm: ed25519
nsec3: on
- id: rsa
algorithm: RSASHA256
ksk-size: 2048
zsk-size: 2048
nsec3: on
```
I tried enabling both with this command, but to no effect:
```
dnssec-policy: [ edecc, rsa ]
```
Is there a way to do both at the same time in one zone?
I am currently running knot 3.0.8
Cheers,
Stefan