On 12. 04. 23 5:38, Nick Tait via bind-users wrote:
I'm currently running a few DNSSEC zones in BIND using dnssec-policy
option, albeit with an unlimited lifetime on the KSK, so that I can
control KSK roll-overs (which is necessary because my Registrar doesn't
support RFC 7344)...
Anyway I know that BIND supports RFC 7344 via parental-agents option
when BIND is operating in the 'Child' role; but my question is whether
BIND currently supports (or if there are any plans for BIND to support)
RFC 7344 with BIND operating in the 'Parental Agent' (and 'Parent')
In other words, can BIND be configured to poll a child zone for
CDS/CDNSKEY records, and automatically add corresponding DS records into
a zone that it controls?
If this isn't on the radar already, I'll be happy to submit an
There is a philosophical question whether this is something a DNS server
There are external tools which can automate zone scan, e.g.
I suppose that it should be possible to glue it to standard DNS UPDATE
mechanism and thus make it work with any standard DNS server.
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list