> Am I correct in thinking that in the case of a hidden master and a chain
> of slaves, that the first publicly accessible slave would do the signing
> and that in any case only one instance of bind should do the signing?

The signer doesn't even have to be publicly accessible if you don't want it
to be.  But yes, you'd generally have only one signing server, whether it
was hidden or not.  (With multiple signing servers, you can end up with
multiple versions of the same zone, having the same serial number, serving
slightly different data; it doesn't necessarily break as long as you don't
cross the streams, but why risk it?)

Some discussion about scenarios in which inline-signing might be used
can be found here: https://kb.isc.org/article/AA-00626/

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
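
The single-signer layout discussed above, as an added named.conf sketch that is not part of the original message or ISC's own configuration: one server takes the unsigned zone from the hidden master, signs it with inline-signing, and is the only source the public slaves transfer from. The zone name, addresses, file paths and key directory are assumptions; `auto-dnssec maintain` is the option from the BIND 9.9 era of this thread, and newer BIND releases use `dnssec-policy` instead.

```conf
// ---- named.conf on the ONE signing server (constructed example) ----
// Assumed addresses (documentation range):
//   192.0.2.1   hidden master, serves the unsigned zone
//   192.0.2.10  this signer
//   192.0.2.20, 192.0.2.21  public slaves

acl public-slaves { 192.0.2.20; 192.0.2.21; };

options {
    directory "/var/named";
};

zone "example.com" {
    type slave;
    masters { 192.0.2.1; };             // unsigned data comes from the hidden master
    file "slaves/example.com.db";       // unsigned copy; named keeps the signed
                                        // version next to it with a .signed suffix
    inline-signing yes;                 // sign here, and only here
    auto-dnssec maintain;               // pick up keys and re-sign automatically
    key-directory "keys/example.com";   // private keys live on this host only

    allow-transfer { public-slaves; };  // only the public slaves may pull the signed zone
    also-notify { 192.0.2.20; 192.0.2.21; };
};

// ---- named.conf on each public slave (constructed example) ----
// No inline-signing and no keys: these servers only republish what the
// signer produced, so every server answers with the same signed version
// for a given serial.

zone "example.com" {
    type slave;
    masters { 192.0.2.10; };            // transfer from the signer, never from
                                        // the hidden master directly
    file "slaves/example.com.signed.db";
};
```

Running `named-checkconf` against each file catches syntax errors before a reload.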