Greetings:
I apologize if this is a bit naive but I have a question involving enabling DNSSEC for a very large a complex DNS structure. Right now I have hundreds of subdomains and thousands of resource records. The current structure has one zone per subdomain. I realize that this makes DNSSEC substantially more complex. My question is whether there is a way to tell OpenDNSSEC that a series of zones are, in fact, "subzones" of a parent zone. My particular problem is that it doesn't appear that OpenDNSSEC automates the creation of DS records. Is there a way to? Today I am using a locally written script to update the unsigned parent zone(s) with DS records associated with the KSK of each subzone. Is there a better way to do this? -Thanks, /Andy Andy Newman / [email protected] Director, Infrastructure Design Services & Enterprise Architect Yale University Information Technology Services 25 Science Park, 4th Floor 150 Munson St., New Haven, CT 06520 Phone: (203) 432-6696 / Fax: (203) 436-4067 / Cell: (203) 980-0031 EmRGLWhN15xH9XzQAK3gtpNrMknKCZWPmVJbzNhfdobw7
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
