I am planning on implementing the current version of BIND to replace the aging, undocumented authoritative servers I inherited. I want to hide the primary server on our internal network and have two secondary servers be publicly available. While reading the DNSSEC Guide <https://bind9.readthedocs.io/en/v9_18_9/dnssec-guide.html#recipes> recipes it seems to imply that I cannot have a hidden primary that handles all the DNSSEC stuff.
Does the primary server that handles the DNSSEC duties not be hidden? Or were they just illustrating that you do not need to touch your hidden primary server and just add one that does the DNSSEC duties?
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
