Hello everyone, I am new here.

I have been running a manually signed zone (average.org) for my domain for some time now. I also have a separate subdomain zone (dyn.average.org) that allows dynamic updates, and that is currently not signed. Bind version is 9.5.1 (Debian stable).

I would like to make the dynamic zone automatically signed. I did not find any documentation about how to do that, but from reading the manuals and other people's notes on this mailing list, I figured that I probably need to put both the private and public keys for the zone in a directory configured as "key-directory" and make them readable by bind's userid. But what else?

- do I need to sign the zone initially by hand?
- do I need to insert the DNSKEY public key record into the zone
- or should I include it in the "upper" zone?

I don't want to make the private KSK readable by bind, only the ZSK for this one zone. So, apparently I need to arrange things in such a way that the DNSKEY for dyn.average.org is signed manually. Will it suffice to put it into the average.org zone and re-sign it manually? What else do I need to take care of?

Thanks in advance!

Eugene