Hi Christian, There are no plans for this.
While technically a secondary can have a "dnssec-policy" statement (acting as a bump-in-the-wire signer), signing a zone is mainly a primary server responsibility and a policy configuration does not need to be transferred to its secondaries. For now I would suggest just add the zone with `rndc addzone` to the primary or update the primary name server configuration and add the "dnssec-policy" option. Best regards, Matthijs On 9/18/20 7:52 PM, BÖSCH Christian wrote: > Hi, > > > > Is there a plan when the option for KASP "dnssec-policy" within > > a catalog member zone will be available? > > Just like with allow-transfer.catalog.example. IN APL …. > > > > Thanks, > > Christian > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > [email protected] > https://lists.isc.org/mailman/listinfo/bind-users >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
