Hi, I'm currently testing the automatic signing for DNSSEC present in Bind 9.7. I'm currently using Bind 9.7.0 and I have 2 questions.
The first one, can I configure multiple key directories? The reasoning for this is that I would like to seperate the KSK's from the ZSK's. And this to be able to not have the KSK's present all the time by putting them on a removable media. For the ZSK's I have no choice since I will be doing dynamic updates. Or are there other means to do this except from adding and removing the KSK's when needed ? The second question. I've tried doing a resalt using dynamic updates but I can't get it to work. Just adding a new NSEC3PARAM RR crashes Bind and doing a delete and then a add (to replace the present RR) gives me a servfail but I see the updats in the log. What is the correct way to do a resalt when using automatic signing ? Thank you, Tim -- Tim Verhoeven - tim.verhoeven...@gmail.com - 0479 / 88 11 83 Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds) _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
