Hi Arian, Bind 9 has Smart Signing since Bind 9.7: http://ddiguru.com/blog/133-bind-970-part-4-automatic-zone-signing http://ripe60.ripe.net/presentations/Damas-BIND_9.7_-_DNSSE_for_humans.pdf
https://ftp.isc.org/isc/bind9/cur/9.10/doc/arm/Bv9ARM.pdf Section 4.8, and onwards but you can use other nameservers as backends for even easier setup: Knot DNS has automatic DNSSEC signing including ZSK rollover PowerDNS has also DNSSEC support and for much more complicated setups you can use OpenDNSSEC. Cheers, -- Ondřej Surý <[email protected]> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro pečení chleba všeho druhu On Mon, Nov 7, 2016, at 20:15, Arian Sanusi wrote: > Dear now-ex-Maintainers, > > instead of citing other tools which also seem unfit, could you please > mention a better alternative here? > > thank you, > > Arian > > _______________________________________________ > pkg-dns-devel mailing list > [email protected] > https://lists.alioth.debian.org/mailman/listinfo/pkg-dns-devel > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature)
