hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?
PGNet Dev
pgnet.dev at gmail.com
Thu Jun 10 13:51:52 UTC 2021
On 6/10/21 8:38 AM, Tony Finch wrote:
> I have not, and I also want to be able to do this, and I also want
> scripting hooks for whenever any keys change so that I can stash them
> somewhere safer.
fyi, perhaps keep an eye on this:
https://gitlab.isc.org/isc-projects/bind9/-/wikis/BIND-9-PKCS11
seems like a point solution to the more generic problem, but does touch on
softhsm integration.
proper process hooks should enable the option to stash where you want to -- fs,
git, softhsm, hashicorp vault, h/w hsm, etc etc.
More information about the bind-users
mailing list