dnssec-policy & views
Graham Clinch
g.clinch at lancaster.ac.uk
Sat Feb 29 16:27:13 UTC 2020
How does the new-in-9.16 dnssec-policy interact with views - in
particular for key generation/rollover?
For example, we have a zone defined in multiple views with different
contents (and thus not suitable for in-view), being signed by the same
set of keys (currently maintained by dnssec-keymgr) - this allows us to
publish only a single set of DS records for that zone.
If a zone 'example.net' is defined in view 'a', and a zone 'example.net'
is defined in view 'b', but both views share a single key-directory, is
it 'safe' to configure dnssec-policy in both views?
Graham
More information about the bind-users
mailing list