Guillaume-Jean Herbiet on Nostr: npub1rmlrk…xxa6t Read that too and also had a look at #cznic #Knot for a #dnssec ...
npub1rmlrk8t89jh2vv57je7xczz4nn5shkaa6m6zqqyh2hjt5ay9m9vs9xxa6t (npub1rml…xa6t) Read that too and also had a look at #cznic #Knot for a #dnssec bump-in-the-wire signer.
Also seen that @nitrokey also has doc for #Knot: https://docs.nitrokey.com/nethsm/knotdns
One operational question I have is the the ability to pre-generate keys once on the HSM, lock the #pkcs11 interface and have #Knot use them for automatic roll-overs according to policy w/o creating new keys automatically.
My understanding of #Knot manual mode is that key timing has to be done… well, manually!
Also seen that @nitrokey also has doc for #Knot: https://docs.nitrokey.com/nethsm/knotdns
One operational question I have is the the ability to pre-generate keys once on the HSM, lock the #pkcs11 interface and have #Knot use them for automatic roll-overs according to policy w/o creating new keys automatically.
My understanding of #Knot manual mode is that key timing has to be done… well, manually!