In message <[email protected]>, Richard Doty writes:
> Greetings,
>
> I am wondering how folks handle keys for zones that are going
> to be signed with nsupdate.
>
> It appears that named wants the zone signing keys to be in the
> location identified by the "directory" parameter, yes? Putting
> all keys in one directory seems like a scaling issue, besides which
> I believe that particular directory needs to be writable by named
> so it can create core files. I have to leave the keys online for
> nsupdate, but named doesn't need to modify them itself.
>
> It would be cool if the location of per-zone keys were a per-zone
> configuration parameter, but I can't find any suggestion of that
> in the code. Maybe I'm looking in the wrong place.
See key-directory which is a per zone directive.
>
> How do you manage your nsupdate keys?
>
> Thanks,
>
> Richard.
> _______________________________________________
> bind-users mailing list
> [email protected]
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
