Re: dnssec (re)signing and journaling

Thu, 13 Dec 2018 16:43:29 -0800 

auto-dnssec maintain;

> On 14 Dec 2018, at 11:39 am, Edwardo Garcia <wdgar...@gmail.com> wrote:
> 
> 
> zone "xxxxxxxx.com" {
>         type master;
>         allow-transfer { sysops; slaves; };
>         file "xxxxxxxxxx.signed";
>         allow-query { any; };
>         allow-update { key "corp"; };
> };
>   
> This is what we use now, so by dynamic update we are doing yes?
> 
> And now we need just have named do automatic (re)signing? 
> Last time we tried, we kept killing our domain so google fail us, do  you 
> know of a valid reference URL that is clear? that would be good?
> Thanks
> 
> On Fri, Dec 14, 2018 at 10:24 AM Mark Andrews <ma...@isc.org> wrote:
> The best way is to configure you zone for dynamic updates and let named
> automatically resign the zone as needed.
> 
> > On 14 Dec 2018, at 11:13 am, Edwardo Garcia <wdgar...@gmail.com> wrote:
> > 
> > Hi,
> > What is the best practice for signing/re-singing zones with journal?
> > 
> > We manually resign our domain, and use journaling, resigning is a PIA. 
> > if we forget to thaw, the zone bails and stays unloaded because journal 
> > roll forward error, which bring the question why? since resolution to this 
> > is stop named, remove journal file and restart, could named and rndc not be 
> > smarter in these instance? or at very least, reload zone from file so at 
> > least it does not take unsuspecting peoples off air.
> > 
> > So, way we (try to remember to) do is: 
> > (modify zonefile if need)
> > rndc freeze
> > dnssec-signzone  -options
> > rndc thaw
> > 
> > or is better way? it is the freeze/thaw we keep forgetting :-!
> > 
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> > unsubscribe from this list
> > 
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to