Jared Mauch wrote:
> ...
>
> Edit a zone file vs "edit, run a script, upload some keys, roll some keys, do
> some other magic" is harder than edit a zone file.

BIND9 V9.9 may surprise you. it has inline signing and automatic key management. the code name for this feature set was "DNSSEC For Humans" and was largely driven by joao damas.

the only "other magic" that BIND9 can't help you with is telling your registrar about new KSK DS's, since there's no standard API for a primary name server to use for communication with the delegation server. in all other ways, BIND9 makes DNSSEC as easy as "edit a zone file". try it and report back, don't take my word for it.

note, i'm not with ISC any more, but i see no reason not to stop singing their praises.

vixie
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
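
A `named.conf` zone stanza using the two BIND 9.9 features named in the message above, inline signing and automatic key management. This is an added example, not part of the original post; the zone name `example.com` and the file and directory paths are assumptions.

```conf
// Added example: BIND 9.9 inline signing with automatic key maintenance.
// Zone name and paths are assumed for illustration.

options {
    directory "/var/named";
};

zone "example.com" {
    type master;

    // The unsigned zone file you keep editing by hand.
    // named writes the signed copy alongside it as "example.com.db.signed".
    file "master/example.com.db";

    // Where named looks for this zone's key files (K<zone>+<alg>+<id>.key/.private).
    // In 9.9 named does not create keys; generate a KSK and a ZSK once, e.g.
    //   dnssec-keygen -K /var/named/keys/example.com -a RSASHA256 -b 2048 -f KSK example.com
    //   dnssec-keygen -K /var/named/keys/example.com -a RSASHA256 -b 1024 example.com
    key-directory "keys/example.com";

    // Sign a separate copy of the zone; the file above stays unsigned,
    // so the zone does not need to be dynamic (no allow-update/update-policy).
    inline-signing yes;

    // Sign with the keys found in key-directory, re-sign before RRSIGs expire,
    // and act on the timing metadata stored in the key files
    // (publish/activate/inactive/delete dates set with dnssec-keygen or dnssec-settime).
    auto-dnssec maintain;
};

// After editing master/example.com.db, bump the SOA serial and run:
//   rndc reload example.com
// The one manual step left is the DS record for the parent. Derive it from
// the KSK file and hand it to the registrar:
//   dnssec-dsfromkey -2 /var/named/keys/example.com/K<ksk-file>.key
```

The key directory must be readable by the user `named` runs as, and the private key files should not be readable by anyone else.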