choosing key for auto-signing

Richard Doty rad at twig.com
Wed May 20 01:58:22 UTC 2009


I am running bind 9.5.0, and have a dynamic zone with two ZSKs set
up in the pre-publish manner - one ZSK is "published" but not used
for signing, one ZSK is "active" and signs all records.  That's
how I use them when I do a full re-sign with dnssec-signzone.  But
when I make a dynamic update to the zone, bind signs the updated
record with both ZSKs.  That makes sense because bind has no way
to tell the two ZSKs apart.

So I guess my question is - does pre-publish work with dynamic update?
If so, how is it configured?

Thanks,

Richard.


