Greetings,

I am wondering how folks handle keys for zones that are going
to be signed with nsupdate.

It appears that named wants the zone signing keys to be in the
location identified by the "directory" parameter, yes?  Putting
all keys in one directory seems like a scaling issue, besides which
I believe that particular directory needs to be writable by named
so it can create core files.  I have to leave the keys online for
nsupdate, but named doesn't need to modify them itself.

It would be cool if the location of per-zone keys were a per-zone
configuration parameter, but I can't find any suggestion of that
in the code.  Maybe I'm looking in the wrong place.

How do you manage your nsupdate keys?

Thanks,

Richard.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
