A beginner's guide to DNSSEC with BIND 9
Richard T.A. Neal
richard at richardneal.com
Mon Oct 24 18:43:16 UTC 2022
Jan-Piet Mens wrote:
>> A Beginner's Guide to DNSSEC with BIND 9.
> Well done! A few comments, if I may:
{snip}
Thanks JP, I really appreciate the feedback. I'll take all of that onboard, change my zones and guide from master/slave to primary/secondary, and take a look at TSIG as well.
As PGNet Dev said, I would also be interested to hear more about "inline-signing might go away". In fact when creating my first DNSSEC zone I initially *did not* include this statement in the zone file, but this caused named to fail to start and it threw the following error:
'dnssec-policy;' requires dynamic DNS or inline-signing to be configured for the zone
Like PGNet Dev I would also prefer to continue to hand-edit my zone files for the time being (rather than using a tool such as nsupdate) so I'm interested to hear if this will still be supported or what the roadmap is for deprecating the ability to hand-edit these files for DNSSEC-enabled zones.
Once again many thanks for taking the time to provide feedback and advice, I really appreciate it. I'll take any further comments off-list.
Best,
Richard.
More information about the bind-users
mailing list