[KASP] setup KASP in master / slave architecture
Hello,
I would like to set up DNSSEC using KASP.
I have an architecture with a master and several slaves.
Here is my policy and zone configuration:
dnssec-policy "test" {
keys {
ksk lifetime P3D algorithm rsasha256 2048;
zsk lifetime P2D algorithm rsasha256 1024;
};
};
zone "mes-bons-achats.fr" {
type master;
file "/*******/*****.db";
notify yes;
key-directory "/******/******/";
inline-signing yes;
dnssec-policy test;
};
after restart, it seems ok, keys are generated on master, no errors in logs etc
I copied this policy, the keys and the zone configuration on each of my slaves then I restarted my slaves
everything seems ok (in the logs).
except that now I wonder if the keys on each of my slaves will be generated independently from those of my master.
In this case, I will end up with different keys for the same zone depending on the slave1 / slave2 etc / master. I suppose that it is not good because we should have for the same zone, a pair of keys and this one should be copied on each slaves?
There some tuto / documentation about how to setup KASP in master / slaves topology ?
Sorry if it's not enough clear...
Thank you