On 11/10/2011 11:16 PM, Evan Hunt wrote: >> I know that this isn't the forum for betas > Sure it is. :) > >> We have been testing with the alphas and now with the beta. What we are >> seeing is that whenever named starts, it initially creates the signed >> static zone file, but never really finishes. > What do you mean by "never really finishes"? > > What are the options that are set for the static zone? You should have > these: > > auto-dnssec maintain; > inline-signing yes; > key-directory "<dir>"; > > ...with <dir> set to the location of the DNSSEC signing keys for your > zone, including at least one KSK and one ZSK, both of which are set to > be published and active. > Ah, this was missing bit in my configuration, thanks for it :)
I have just one question, what should inline-zone admin do? I assume that named automatically regenerates & removes expired RRSIGs so is it sufficient to put new KSK and ZSK to the key-directory when needed and revoke older ones? Thanks for your answer in advance. Regards, Adam _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
