Latitude wrote:
>
> Should DNSSEC key signing keys and zone signing keys also be located in a
> directory inside the /dynamic directory? Would it be acceptable to have them
> in a directory such as /var/named/chroot/etc/keys/dnssec?
On my master server I have zone
June 14, 2017 11:11:05 PM
Subject: Re: Automatic RRSIG Refresh in BIND 9.8.2
Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2
handy but thank you for sending the link to your article and pointing me out
to Section 4.9.3 Fully Automatic Signing. It's been helpful to confi
https://kb.isc.org/article/AA-00320/0/Why-cant-named-update-slave-zone-database-files-slave-journal-files-and-master-zones-from-journals-.html
In message <1497474665849-3948.p...@n4.nabble.com>, Latitude writes:
> Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2
> handy
Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2
handy but thank you for sending the link to your article and pointing me out
to Section 4.9.3 Fully Automatic Signing. It's been helpful to confirm zone
RRSIGs can refresh automatically.
A zone that was signed with a
Latitude wrote:
>
> I have read in Michael W. Lucas' DNSSEC Mastery book that BIND 9.9 and newer
> can automatically sign zones and refresh signatures (RRSIGs), but older
> versions cannot (p. 53).
That isn't entirely correct: BIND has had automatic signing since 9.7
Due to customer requirements, I'm deploying BIND 9.8.2 on RHEL 6.8 and can
neither upgrade BIND to a newer version or upgrade to RHEL 7. I have
successfully configured a master and slave DNS server, DNSSEC, with
Transaction Signatures, and have performed a successful manual zone update,
6 matches
Mail list logo