Re: auto RRSIG enable

2020-11-01 Thread Matthijs Mekking 
And in 9.16 you can use the following line to sign your zones:

   dnssec-policy default;

And you can create your own dnssec-policy if you need a different
signing configuration.

Best regards,

Matthijs

On 11/2/20 7:20 AM, Nyamkhand Buluukhuu wrote:
> Hello,
> 
> Yes you can define below configurations in your options:
> 
>        inline-signing yes;​
> 
> This configuration automates your signing zone tasks as whenever you
> change, add, delete your records or signature expired, named
> automatically re-sign your zone data with the keys in your key-directory.​
> 
> ​
> 
>        auto-dnssec maintain;​
> 
> This is for the automated key management. With this option enabled,
> named will periodically check if there are new key available, or expired
> key and manage DNSKEY records. It's very helpful when you renew your keys.
> 
> 
> 
> /Have a nice day :)/**
> 
> *BR, NYAMKHAND Buluukhuu*
> 
> * *
> 
> *Engineer*
> 
> *TPD/ETSD*
> 
> UNESCO street - 28, MPM Complex
> 
> Ulaanbaatar -14220, Mongolia
> 
> Mobile:   (976) 94081017
> 
> Web:   www.mobicom.mn
> 
>  
> 
> /Before you start - Be safety smart///
> 
>  
> 
> 
> 
> 
> *From:* bind-users  on behalf of rams
> 
> *Sent:* Monday, November 2, 2020 2:14 PM
> *To:* bind-users 
> *Subject:* auto RRSIG enable
>  
> Hi,
> Do we need to set any option in named.conf for auto RRSIG generation in
> bind? 
> Can anyone help me on this.
> 
> Regards,
> Ramesh
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 



signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: auto RRSIG enable

2020-11-01 Thread Nyamkhand Buluukhuu 
Hello,

Yes you can define below configurations in your options:


   inline-signing yes;​

This configuration automates your signing zone tasks as whenever you change, 
add, delete your records or signature expired, named automatically re-sign your 
zone data with the keys in your key-directory.​

​

   auto-dnssec maintain;​

This is for the automated key management. With this option enabled, named will 
periodically check if there are new key available, or expired key and manage 
DNSKEY records. It's very helpful when you renew your keys.


Have a nice day :)
BR, NYAMKHAND Buluukhuu

Engineer
TPD/ETSD

UNESCO street - 28, MPM Complex

Ulaanbaatar -14220, Mongolia

Mobile:   (976) 94081017
Web:   www.mobicom.mn

Before you start - Be safety smart

[cid:a4d66a69-69bf-434d-842c-f5bc1739cc6c]



From: bind-users  on behalf of rams 

Sent: Monday, November 2, 2020 2:14 PM
To: bind-users 
Subject: auto RRSIG enable

Hi,
Do we need to set any option in named.conf for auto RRSIG generation in bind?
Can anyone help me on this.

Regards,
Ramesh
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users