bind 9.7, dnssec and multiple key directories and resalt NSEC3
Tim Verhoeven
tim.verhoeven.be at gmail.com
Fri Jun 4 12:46:26 UTC 2010
On Fri, Jun 4, 2010 at 1:18 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 04/06/10 11:11, Tim Verhoeven wrote:
>>
>> I'm currently testing the automatic signing for DNSSEC present in Bind
>> 9.7. I'm currently using Bind 9.7.0 and I have 2 questions.
>>
>> The first one, can I configure multiple key directories? The reasoning
>> for this is that I would like to seperate the KSK's from the ZSK's.
>> And this to be able to not have the KSK's present all the time by
>> putting them on a removable media. For the ZSK's I have no choice
>> since I will be doing dynamic updates.
>> Or are there other means to do this except from adding and removing
>> the KSK's when needed ?
>
> Symlinks to the KSK in another directory?
A good one, why haven't I thought of that myself ;-)
Thanks,
Tim
--
Tim Verhoeven - tim.verhoeven.be at gmail.com - 0479 / 88 11 83
Hoping the problem magically goes away by ignoring it is the
"microsoft approach to programming" and should never be allowed.
(Linus Torvalds)
More information about the bind-users
mailing list