Automated DNSSEC (command line)
Mark Andrews
marka at isc.org
Sat May 29 00:52:44 UTC 2010
In message <20100529001832.GB4692 at tamay-dogan.net>, Michelle Konzack writes:
>
> Hello Mark,
>
> Am 2010-05-29 09:06:40, hacktest Du folgendes herunter:
> > You can just let named re-sign the zone for you. Treat the zones
> > as dynamic and named from BIND 9.6 onwards will maintain the
> > signatures for you.
>
> What do you mean with "Treat the zones as dynamic"?
> Is there a special option?
Add allow-update or update-policy clause.
BIND 9.7.0 supports "update-policy local;" and "nsupdate -l" talks via it.
> > Use nsupdate to change the contents of the zone.
>
> OK. I have to change my scripts to use "nsupdate", but as I have
> understand it right, you can not add NEW hosts to a zone through
> nsupdate (has never worked) or has it changed now?
You make any change you want to a zone via nsupdate and this has
always been the case. You just can't create or destroy the zone.
DHCP servers have been adding and deleting hosts for years using
UPDATE.
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list