On Mon, Jul 28, 2014 at 06:16:13PM +0200, Johannes Kastl wrote: > > In the same cron job, it is then possible to create a new NSEC3 > > salt and inject that into the zone. > > So basically BIND cannot do that for me, each time it does a key > rollover. That's what I wanted to know.
"rndc signing -nsec3param" can change your salt. Specifying "auto" as the salt causes named to generate a salt at random. There's currently no way to schedule it the way you can schedule key rollovers, but you can put it in a crontab. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users