Does anyone have an automated KSK roll process, that checks for the DS record at the parent, that they can share?
As far as I can tell, the automated signing in BIND will roll the KSK if I set the timing in the policy file, but it won't check the DS record, so it will happily break DNSSEC if some other process does not update the DS record at the right time. That's too big a risk for me, the process needs to check the DS record before completing the KSK roll. Surely someone has done this. I would rather not reinvent the wheel. But I have searched and not found anything yet. -- Bob Harold DNS and DHCP Hostmaster - UMNet Information and Technology Services (ITS) rharo...@umich.edu
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
