hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?
Matthijs Mekking
matthijs at isc.org
Thu Jun 17 10:09:56 UTC 2021
On 16-06-2021 17:04, PGNet Dev wrote:
> @jpmens was kind enough to share the original basis for the simple perl
>
> He also mentioned
>
> Logging of CDS/CDNSKEY generation for workflow
> https://gitlab.isc.org/isc-projects/bind9/-/issues/1748
>
> which requests:
>
> Would it be possible to log CDS/CDNSKEY generation in such a way as
> that a "simple" workflow can be implemented in order to create tooling
> which reacts on the log and performs a dynamic update on a parent zone.
> Whenever a CDS/CDNSKEY is published in a child zone, BIND could
> create a log record indicating for which zone this has occurred.
>
> and appears to have been implemented (?), but not committed/released.
This logging was added in 9.16.7
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4067
More information about the bind-users
mailing list