On Wed, Jun 12, 2019 at 8:25 PM Evan Hunt <e...@isc.org> wrote: > > On Wed, Jun 12, 2019 at 11:40:27PM +0000, Shawn Zhou via bind-users wrote: > > The default BIND9 installation for CentOS7 has dnssec-validation set to > > "yes" and it also includes managed-keys as well. Do those managed-keys > > get updated automatically? > > Yes, if the "managed-keys" statement is in named.conf (or included in > it via an "include" statement) then the keys will be updated automatically. ... assuming that named can write to the directory. This is definitely worth double-checking.
W > Based on what you copy-pasted, that appears to be the case. > > "dnssec-validation auto" causes named to use its built-in key for the root > zone, so you don't have to put your own "managed-keys" statement into > named.conf, but otherwise it's the same as "dnssec-validation yes". > > (BTW, a note in passing: we're changing the command from "managed-keys" to > "dnssec-keys" over the next few years. The new syntax will be available in > BIND 9.15.1, which should be out next week; the old syntax will be > phased out later.) > > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
