Hi Randy, thanks for sharing your practival experience. > I just noticed the messages about using views with zkt. I am sorry for > the late response but I have been using them for years or at least I am > pretty sure it works since nothing is complaining. I have two different > dnssec.conf files named dnssec-external.conf and dnssec-internal.conf.
> The difference between the two files is the entry for Zonefile. For > those I have the values zone-external.db and zone-internal.db > respectively. For each domain I have both internal and external zones > defined with those file names in the same directory and they both use > the same key. Then I run commands to resign the zones for both external > and internal by using this where all of my domains are subdirectories of > /var/bind/pri/zkt. > > /usr/local/bin/zkt-signer -c /var/bind/pri/zkt/dnssec-external.conf -D > /var/bind/pri/zkt > /usr/local/bin/zkt-signer -c /var/bind/pri/zkt/dnssec-internal.conf -D > /var/bind/pri/zkt You can also use the "-V <viewname>" to use different config files named "dnssec-<viewname>.conf". And even better, you can link the "zkt-signer" command to "zkt-signer-internal" and "zkt-signer-external" and run these without the dedicated conffile or -V option. With the "view" option, zkt-signer can also parse a named.conf file with views, so you can use the -N option as well. Best Regards Holger
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users
