Adding foreign DNSKEY with inline-signing
Gilles Massen
gilles.massen at restena.lu
Tue Apr 9 09:20:07 UTC 2013
Hello,
I'd like to change the DNS operator for a signed domain, where the
parent does not allow a DS that is not pointing to an active DNSKEY
(thus the double-DS procedure won't work).
As a result I'd need to insert the old DNSKEYs in the new zone. However,
bind tries to do something with them, and complains about missing
private keys (which I obviously don't have).
How could I tell bind to "take these DNSKEYs and sign them, no questions
asked"?
Zone config:
auto-dnssec maintain;
inline-signing yes;
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the bind-users
mailing list