OK, in an attempt to start using DNSSEC over here, I suppose I bit myself in the backside, and even after spending some time using googlefu I still haven't quite figured this all out.

I am currently running the current BIND 9.8.1, and it is set up to support DNSSEC. After reading around a bit, I saw that setting auto-dnssec in the config would read in the keys and sign the zones automatically. This seemed in theory to be perfect, so I configured it this way. After that the domains were signed, and going to places like the Verisign debugger showed my domain was happily secured with DNSSEC.

Then I go to make a change to my DNS file, and whoa, was I in for a shock, as apparently BIND took my nice text file for DNS I have edited for ages, and converted it into a full signed zone. Try and edit that file, and of course it bitches about it no longer matching the .jnl file and drops the zone. This sure makes it hard to update things, well, the way I am used to doing it.

So I guess my million dollar question is: I want to use DNSSEC (it's actually working now), but I want to be able to edit my zone files the way I always have for many years, and just have BIND sign the zones with the keys and update as needed to keep DNS running smoothly. Is there some easy way to do this, some scripts someone has made, or some documentation to walk me through accomplishing this?

I can't believe there aren't a lot of others that have run DNS just as I have for years and years, and just want a nice simple way to keep using BIND and implementing the new security for the domains I manage. I have googled till I have about turned blue, and maybe I am missing it, but I have seen some very complex key management systems and so forth. I have no need for anything that complex, so I figure I am missing the solution that is hiding someplace.

Any pointers??

---
Howard Leadmon