Update DNSSEC Zone
Tony Finch
dot at dotat.at
Mon May 10 10:53:07 UTC 2021
Peter Fraser <softwareinfojam at gmail.com> wrote:
>
> I am using bind-9.14.x and here are the DNSSEC related entries in the zone.
>
> auto-dnssec maintain;
> update-policy local;
> key-directory “zones/domain-keys”;
How you go about this depends on whether your configuration enables
`inline-signing` or not.
If it has inline-signing, you should see in the filesystem that each zone
file has .signed (and possibly .jnl) files alongside. You can update the
zone using
(edit the non-.signed zone file)
rndc reload
If it does not have inline-signing I prefer to use `nsupdate` to update
the zones, usually with my `nsdiff` or `nsvi` tools. Or you can,
rndc freeze
(edit the zone file)
rndc thaw
https://dotat.at/prog/nsdiff/
Tony.
--
f.anthony.n.finch <dot at dotat.at> https://dotat.at/
Biscay: Southwest 3 to 5 increasing 5 to 7. Rough, occasionally
moderate in east, becoming very rough in west. Thundery showers. Good,
occasionally poor.
More information about the bind-users
mailing list