Mark Elkins <m...@posix.co.za> wrote:
> With BIND version 9.12 coming out - I'm wondering if I've missed any
> announcements on some form of Automatic (DNS)Key Management?
> Something that will create and retire keys according to some sort of policy.
See dnssec-keymgr (new in 9.11) which will automate ZSK management.
KSKs are still difficult. I don't know of any nice software for pushing
delegation updates through registrars. It's a fairly tedious business
because in many cases you'll need to talk to several different parents so
you have to write the same code in several different ways. Even the good
APIs (Gandi, RIPE) have murky corners (EPP itself is a movable feast), and
sometimes you may be stuck without an API and reduced to scripting
PhantomJS or something similarly horrible.
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Portland, Plymouth: Northwest 5 or 6, occasionally 7 at first, then decreasing
4 at times. Very rough at first in southwest Plymouth, otherwise moderate or
rough becoming slight or moderate. Thundery showers. Good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
