Automatic DNSSEC signing workflow
Daniel A. Ramaley
daniel.ramaley at drake.edu
Tue Jul 5 15:14:18 UTC 2016
On 2016-07-05 at 15:26:31 Tony Finch wrote:
> There is a third option:
>
> 3) Maintain zone files with a text editor, and use inline-signing mode
> to get named to sign them.
>
> For option 3 you don't want an update-policy clause.
OK, that's actually the behavior that i was trying to achieve. Earlier i
tried commenting out the update-policy line and doing some testing and
it didn't work. But then i discovered a permissions problem on some of
the key files. Once i fixed the key files permissions, Bind started
behaving exactly the way i'd like it to!
Thanks again for the help! I've done enough testing now that i'm
reasonably confident Bind is behaving the way we want it to, where we
can maintain the zone files with a text editor, but let Bind manage the
signing.
__
Daniel A. Ramaley | Server Engineer 2
Information Technology Services (ITS) | Drake University
T: +1 (515) 271-4540
F: +1 (515) 271-1938
E: daniel.ramaley at drake.edu
More information about the bind-users
mailing list