Hi, On 2010-08-06 13:24, Martin McCormick wrote: > We are upgrading all DNS and DHCP servers to FreeBSD8.0 > and my plan was to use bind9.6x. If there is a better version for > dns-sec, best to plan to use it now in order to sleigh as much > of this dragon which is breathing fire on the edge of town and > threatens to move in soon. Definitely consider the 9.7 series! You can enable auto-dnssec which will maintain your signatures for you out-of-the-box. It also supports key rollover, but IIRC doesn't generate new keys at this moment.
see for more details: http://www.isc.org/software/bind/new-features/9.7 http://www.isc.org/community/blog/201006/bind-972-and-and-automatic-dnssec-signing Niobos _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
