Hi,
I'm using a zone with DNSSEC signing enabled that is updated using DDNS.
The update procedure is very simple and looks like this:
==> test_ddns.sh <==
#! /bin/sh
ZONE="example.org."
cat << EOF | nsupdate
server localhost
zone ${ZONE}
update delete ${ZONE} A
update add ${ZONE} 60 IN A
Hi Oliver,
by default, all changes to the zone, including DNSSEC signing, are
immediately flushed into zonefile. Thus, if you simply set
dnssec-signing to off, Knot stops signing the zone, but the signatures
from before remain in the zone. You can then remove them from the
zonefile (using a
Hi,
I am experimenting with latest knot and its wonderful dnssec autosigner
functionality. It works pretty nice but I am a bit lost in the unsign
process, my zone looks basically like this:
zone:
- domain: "domain.tld."
storage: "/home/oliver/knot/zones"
file: "sign.local"