Re: Automatic RRSIG Refresh in BIND 9.8.2

2017-07-12 Thread Tony Finch
Latitude wrote:
>
> Should DNSSEC key signing keys and zone signing keys also be located in a
> directory inside the /dynamic directory? Would it be acceptable to have them
> in a directory such as /var/named/chroot/etc/keys/dnssec?

On my master server I have zone

Re: Automatic RRSIG Refresh in BIND 9.8.2

2017-06-16 Thread Petr Mensik
June 14, 2017 11:11:05 PM Subject: Re: Automatic RRSIG Refresh in BIND 9.8.2 Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2 handy but thank you for sending the link to your article and pointing me out to Section 4.9.3 Fully Automatic Signing. It's been helpful to confi

Re: Automatic RRSIG Refresh in BIND 9.8.2

2017-06-14 Thread Mark Andrews
https://kb.isc.org/article/AA-00320/0/Why-cant-named-update-slave-zone-database-files-slave-journal-files-and-master-zones-from-journals-.html

In message <1497474665849-3948.p...@n4.nabble.com>, Latitude writes:
> Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2
> handy

Re: Automatic RRSIG Refresh in BIND 9.8.2

2017-06-14 Thread Latitude
Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2 handy but thank you for sending the link to your article and pointing me out to Section 4.9.3 Fully Automatic Signing. It's been helpful to confirm zone RRSIGs can refresh automatically. A zone that was signed with a

Re: Automatic RRSIG Refresh in BIND 9.8.2

2017-06-14 Thread Tony Finch
Latitude wrote:
>
> I have read in Michael W. Lucas' DNSSEC Mastery book that BIND 9.9 and newer
> can automatically sign zones and refresh signatures (RRSIGs), but older
> versions cannot (p. 53).

That isn't entirely correct: BIND has had automatic signing since 9.7

Automatic RRSIG Refresh in BIND 9.8.2

2017-06-14 Thread Latitude
Due to customer requirements, I'm deploying BIND 9.8.2 on RHEL 6.8 and can neither upgrade BIND to a newer version nor upgrade to RHEL 7. I have successfully configured a master and slave DNS server, DNSSEC, with Transaction Signatures, and have performed a successful manual zone update,