On 16 Dec 2022, at 15:59, adrien sipasseuth wrote:

> - on the slaves: files <zone>.db
>
> I don't understand why there is no <zone>.db.signed file on my slave
> knowing that a dig from a slave does return RRSIG.

The secondary (slave) only needs one file to hold whatever zone data the primary provides when transferring the zone. It doesn't actually matter what you call this file, but something based on the name of the zone will likely make it easier to understand months later.

The primary uses additional files to contain the keys and to hold both DNSSEC and NSUPDATE state. These files aren't needed on the secondaries.

On a secondary, I actually prefer to use a suffix distinct from any used on the primary (eg. ".bk"), so that I don't have to worry about filename collisions in case, in an emergency, I might need to import the primary files from backup and reconfigure what is normally a secondary as a primary instead.

I hope this helps.

Niall