DNSSEC not populating parent zone files with DS records
Tony Finch
dot at dotat.at
Mon Oct 3 13:59:38 UTC 2011
Michael Sinatra <michael at rancid.berkeley.edu> wrote:
>
> There are ways of getting the DS records into the zone(s). Here are some
> steps that I took on some test zones:
Alternatively, set "update-policy local;" on your parent zone and use this
little pipeline on the master server. Substitute $parent and $child as
necessary:
dig +noall +answer dnskey $child |
dnssec-dsfromkey -f /dev/stdin $child |
(echo "zone $parent"; sed 's/^/update add /'; echo "send") |
nsupdate -l
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Rockall, Malin: Southwesterly 7 to severe gale 9, occasionally storm 10 at
first in northeast Rockall, decreasing 5 or 6 later. Very rough or high,
occasionally very high at first in north Rockall. Squally showers. Moderate or
poor, occasionally good.
More information about the bind-users
mailing list