Automatic RRSIG Refresh in BIND 9.8.2
Latitude
arlendelcastillo at gmail.com
Wed Jun 14 18:14:23 UTC 2017
Due to customer requirements, I'm deploying BIND 9.8.2 on RHEL 6.8 and can
neither upgrade BIND to a newer version or upgrade to RHEL 7. I have
successfully configured a master and slave DNS server, DNSSEC, with
Transaction Signatures, and have performed a successful manual zone update,
incremented the serial number, resigned the zone, and completed a zone
transfer of a DNSSEC-signed zone file for which the master server is
authoritative.
I have read in Michael W. Lucas' DNSSEC Mastery book that BIND 9.9 and newer
can automatically sign zones and refresh signatures (RRSIGs), but older
versions cannot (p. 53). Unfortunately, I have to use BIND 9.8.2. Manually
efreshing RRSIGs for all zones his is quite a task to refresh signatures if
the client requires RRSIGs to be renewed once per 7 days. Is it possible to
automatically refresh RRSIGs in BIND 9.8.2 by any means automatically?
--
View this message in context: http://bind-users-forum.2342410.n4.nabble.com/Automatic-RRSIG-Refresh-in-BIND-9-8-2-tp3946.html
Sent from the Bind-Users forum mailing list archive at Nabble.com.
More information about the bind-users
mailing list