Hello,
Browsing through the man page for named.conf, the directive auto-dnssec
is stated to allow the following values:
auto-dnssec allow|maintain|create|off;
The "create" option caught my attention, because it indicated that bind
could perform not only automatic roll-overs of prepared keys with the
correct meta-data from a specified directory, but also create new ZSK
and KSK keys as necessary.
After experimenting with this option, I found out that the latest BIND
9.9.4 considers it invalid, and googling further revealed to me that the
directive had the "to-be-implemented" status in 9.9.7, only to be
scrapped altogether later (I found a changelog item mentioning removal of
all references to it, so I consider the man-page reference to be an
omission).
Still, why was this highly useful option scrapped? Was the reason effort
to discourage bad practices of having the KSK key on the same machine
that serves as the primary master?
Thank you in advance for any insights provided.
--
Best regards,
Daniel Ryšlink
System Administrator
Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.rysl...@dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Simply connect
-----------------------------------------------
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users