DNSSEC made simple, is this possible?
Ryan Novosielski
novosirj at umdnj.edu
Wed Jan 11 17:04:41 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/11/2012 10:47 AM, Phil Mayers wrote:
> On 11/01/12 15:31, Howard Leadmon wrote:
>
>> Then I go to make a change to my DNS file, whoa was I in for a
>> shock, as
>> apparently BIND took my nice text file for DNS I have edited for ages,
>> and
>
> As you found out, you cannot do that. "auto-dnssec maintain" requires
> that updates to the zone by via dynamic DNS.
Not that this is honestly so hard, however. I have played with it at
home some and the ns-update command means that you can still at least do
this manually fairly easily from the command line. Is my read on that
correct?
>> So I guess my million dollar question is, I want to use DNSSEC (it's
>> actually working now), but I want to be able to edit my zone files the
>> way I
>> always have for many years, and just have BIND sign the zones with the
>> keys
>> and update as needed to keep DNS running smoothly. Is there some
>> easy way
>> to do this, some scripts someone has made, or some documentation to
>> walk me
>> through accomplishing this?
>
> This is called "inline-signing" and is a new feature in Bind 9.9, which
> is in beta. There is some discussion of the limitations and early bugs
> in the list archive.
>
> Google "bind 9.9 inline signing" for more info, and see the list archives.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8NwSkACgkQmb+gadEcsb71IACfWL8E1aP6YX6nywtbF7+pETVk
ZR8AoOBfZLHqCC2f6gqDIxJAm9szSRcT
=Q0qZ
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: novosirj.vcf
Type: text/x-vcard
Size: 279 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120111/ca4e93c5/attachment.vcf>
More information about the bind-users
mailing list