BIND operating in Parental Agent role (according to RFC 7344)?

Nick Tait nick at tait.net.nz
Wed Apr 12 22:11:35 UTC 2023


On 12/04/2023 7:51 pm, Petr Špaček wrote:
> There is a philosophical question whether this is something a DNS 
> server should do.

You make a very good point.

> There are external tools which can automate zone scan, e.g.
> https://github.com/CZ-NIC/fred-cdnskey-scanner

It hadn't occurred to me to look for a third-party solution. :-P

> I suppose that it should be possible to glue it to standard DNS UPDATE 
> mechanism and thus make it work with any standard DNS server. 

I must admit I was hoping for a solution that didn't require me to 
convert my main zone into a dynamic zone - i.e. something that would 
work within the inline-signing framework. But perhaps I was being overly 
optimistic?

I've decided I'll stick with manual KSK roll-overs for now... :-)

Thanks again.

Nick.



