On Mon, Oct 03, 2011 at 05:32:18PM -0700,
 Paul B. Henson <hen...@acm.org> wrote 
 a message of 59 lines which said:

> Our zone data is maintained in a revision control repository; when
> changes are made there is a process that generates a bind format
> zone file from the data, checks it for syntax errors, compiles, and
> then signs it, at the end reloading the zone into bind with rndc.

Experience of DNSSEC deployment (see my paper at SATIN
<http://conferences.npl.co.uk/satin/papers/satin2011-Bortzmeyer.pdf>)
shows that custom programs have many timing bugs. Many things can go
wrong Why not using an existing program such as OpenDNSSEC ?
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to