Inline-signing feature request: Directly set the signed zone's serial number
Alan Clegg
alan at clegg.com
Wed Oct 8 02:02:10 UTC 2014
On 10/7/2014 7:39 PM, Terry Burton wrote:
> Separate the data provider and DNS infrastructure provider and this
> predicament ensues.
Ah, but herein lies trouble. You are becoming the data provider as
soon as you do the signing on the data. But I digress.
What about "rndc sign -force" that would cause a resigning (which is
really what you are looking for) even if the data does not appear to the
signing server to have changed? That would maintain the integrity of
the "source" data by not needing to change it at all and would also "do
the right thing" with the serial number.
AlanC