Hi Randy,

thanks for sharing your practival experience.
> I just noticed the messages about using views with zkt.  I am sorry for
> the late response but I have been using them for years or at least I am
> pretty sure it works since nothing is complaining.  I have two different
> dnssec.conf files named dnssec-external.conf and dnssec-internal.conf. 

> The difference between the two files is the entry for Zonefile.  For
> those I have the values zone-external.db and zone-internal.db
> respectively.  For each domain I have both internal and external zones
> defined with those file names in the same directory and they both use
> the same key.  Then I run commands to resign the zones for both external
> and internal by using this where all of my domains are subdirectories of
> /var/bind/pri/zkt.
> /usr/local/bin/zkt-signer -c /var/bind/pri/zkt/dnssec-external.conf -D
> /var/bind/pri/zkt
> /usr/local/bin/zkt-signer -c /var/bind/pri/zkt/dnssec-internal.conf -D
> /var/bind/pri/zkt

You can also use the "-V <viewname>"  to use different config files
named "dnssec-<viewname>.conf".

And even better, you can link the "zkt-signer" command to
"zkt-signer-internal" and "zkt-signer-external" and run these without
the dedicated conffile or -V option.

With the "view" option, zkt-signer can also parse a named.conf file with
views, so you can use the -N option as well.

Best Regards

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
zkt-users mailing list

Reply via email to