bind autosign - DS distribution
Mark Andrews
marka at isc.org
Thu Dec 9 22:15:58 UTC 2010
In message <20101209220716.GA2066 at fantomas.sk>, Matus UHLAR - fantomas writes:
> Hello,
>
> pardon my ignorance if this has been discussed (haven't notice), but
> if BIND is configured to automatically sign dynamic zones, does it
> distribute DS records to parent zones somehow? and if not, what are ways to
> do that?
This is IETF dnsext/dnsop fodder.
The simple way would be to just record a TSIG key in the child zones
config to update the parent zone and use signed UPDATE messages.
Unfortunately this has run into layer 9 issues.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list