Hi Ulrich,
It sounds like manual key management is more suitable for your use case.
One possible way:
1) Ensure both servers have the same configuration of the zone's DNSSEC policy
2) On one of the servers generate keys:
keymgr <zone_name> generate ksk=yes -> remember the output KSK_ID
keymgr <zone_name> generate -> remember the output ZSK_ID
3) Copy the <KSK_ID>.pem and <ZSK_ID>.pem key files from the KASP directory
(usually <storage>/keys/keys) to the second server
4) Import the keys on the second server:
keymgr <zone_name> import-pem <path_to_KSK_ID.pem> ksk=yes
keymgr <zone_name> import-pem <path_to_ZSK_ID.pem>
5) Profit :-)
Best regards from Prague,
Daniel
On 9/14/20 10:46 PM, Ulrich Wisser wrote:
Hi!
For a special project I need to sign the same zone on two servers with the same key.
How can I create a key and import it in both instances? Or export an automatically
generated key from one instance and import in the other instance?
Kind regards from Stockholm
/Ulrich
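
Added example, not part of the original thread and not Knot DNS project code: a check around step 3 of the procedure above, confirming that the copied private key files are byte-identical and not world-accessible before they are imported with import-pem. The function names, the staging directory and the manifest file are assumptions of this example, as is the availability of sha256sum or shasum.

```shell
#!/bin/sh
# Added example: verify copied <KEY_ID>.pem files before importing them.
# Assumed workflow: make_manifest runs on the first server, the manifest is
# copied along with the key files, verify_staged runs on the second server.

# Use sha256sum where present, otherwise fall back to shasum -a 256.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# First server: print a checksum line for each key ID in key directory $1.
# Usage: make_manifest <key_dir> <KSK_ID> <ZSK_ID> > keys.sha256
make_manifest() {
    ( cd "$1" || exit 1
      shift
      for id in "$@"; do sha256 "$id.pem" || exit 1; done )
}

# Second server: check the copied files in directory $1 against manifest $2.
# Returns 0 only if every listed file matches its checksum and no .pem file
# in the directory grants any permission to "other".
verify_staged() {
    staged=$1; manifest=$2; rc=0
    # The manifest holds relative names, so verify from inside the directory.
    if ! ( cd "$staged" && sha256 -c >/dev/null 2>&1 ) < "$manifest"; then
        echo "checksum mismatch or missing key file in $staged" >&2
        rc=1
    fi
    # Private key material: flag any read/write/execute bit for "other".
    loose=$(find "$staged" -type f -name '*.pem' \
            \( -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$loose" ]; then
        echo "world-accessible key file(s): $loose" >&2
        rc=1
    fi
    return $rc
}
```
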