On Wed, Oct 05, 2011 at 12:22:58AM -0700, Stephane Bortzmeyer wrote: > Not true. For every problem reported by the tool, I contacted the > managers of the domain, both to report they have an issue and to ask > them what system they were using. So, I'm pretty confident that > OpenDNSSEC had no such issue.
Sorry then, that detail wasn't laid out in the paper... Prior to the implementation of key timing metadata and the ability for dnssec-signzone to automatically select what keys to use in bind 9.7, I could see how a third party tool to manage rollover for you could be useful. With it, the amount of wrapper to make it work in a simple scenario isn't that big. Assuming my selection of timings isn't broken, I'm reasonably confident our dnssec rollovers will procede smoothly without issues, and I'd rather use a little bit of custom local glue that fits perfectly into our existing deployment rather than try to bend a complicated tool to our will or change our deployment to match its idea of how things should work. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California State Polytechnic University | Pomona CA 91768 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
