Ldns on Pi Stack https://www.pistack.xyz/tags/ldns/ Recent content in Ldns on Pi Stack Hugo en-us Tue, 02 Jun 2026 00:00:00 +0000 Self-Hosted DNSSEC Key Management: dnssec-keygen vs ldns-keygen vs Knot DNS keymgr https://www.pistack.xyz/posts/2026-06-02-dnssec-key-management-dnssec-keygen-ldns-keygen-knot-keymgr-guide/ Tue, 02 Jun 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-06-02-dnssec-key-management-dnssec-keygen-ldns-keygen-knot-keymgr-guide/ <h2 id="introduction">Introduction</h2> <p>DNSSEC protects DNS responses from forgery by cryptographically signing zone data. But the operational challenge isn&rsquo;t the signing itself — it&rsquo;s <strong>key management</strong>. Generating, rotating, and revoking DNSSEC keys securely is critical: a compromised ZSK can poison an entire domain&rsquo;s cache, and misconfigured KSK rollovers can make your zone unreachable. This article compares three battle-tested DNSSEC key management toolchains: <strong>dnssec-keygen</strong> (BIND), <strong>ldns-keygen</strong> (NLnet Labs), and <strong>keymgr</strong> (Knot DNS).</p>