DNSSEC made simple, is this possible?

Phil Mayers p.mayers at imperial.ac.uk
Wed Jan 11 15:47:54 UTC 2012


On 11/01/12 15:31, Howard Leadmon wrote:

>   Then I go to make a change to my DNS file, whoa was I in for a shock, as
> apparently BIND took my nice text file for DNS I have edited for ages, and

As you found out, you cannot do that. "auto-dnssec maintain" requires 
that updates to the zone be via dynamic DNS.

>   So I guess my million dollar question is, I want to use DNSSEC (it's
> actually working now), but I want to be able to edit my zone files the way I
> always have for many years, and just have BIND sign the zones with the keys
> and update as needed to keep DNS running smoothly.   Is there some easy way
> to do this, some scripts someone has made, or some documentation to walk me
> through accomplishing this?

This is called "inline-signing" and is a new feature in BIND 9.9, which 
is in beta. There is some discussion of the limitations and early bugs 
in the list archive.

Google "bind 9.9 inline signing" for more info, and see the list archives.


