Native pkcs#11 and auto-dnssec feature
Catalin Leanca
catalinl at rotld.ro
Thu Apr 9 06:58:45 UTC 2015
Problem solved.
Manual helped: "If the label contains a pin-source field, tools using
the generated key files will be able to use
the HSM for signing and other operations without any need for an
operator to manually enter a
PIN."
Thank you !
On 08/04/15 19:21, Catalin Leanca wrote:
> Hello,
>
> It helps only for dnssec-keyfromlabel tool that accepts "-l" parameter,
> but for dnssec-signzone i didn't find any reference. And the main problem
> is automatically internal signing with "auto-dnssec".
>
>
> On 08/04/15 18:21, Jeremy C. Reed wrote:
>>> My question is about auto-dnssec feature that maintain zone by
>>> internally signing RRs. How this feature will work without a PIN since
>>> BIND needs access to private key when it needs to resign automatically
>>> and i did't find a way to provide the PIN throught configuration files
>>> ?
>> Hi,
>>
>> Does the reference manual section about proving the PIN help?
>> http://ftp.isc.org/isc/bind9/9.10.2/doc/arm/Bv9ARM.ch04.html#id2639064
>
More information about the bind-users
mailing list