E R <fasteddieinaus...@gmail.com> wrote:

> I am planning on implementing the current version of BIND to replace the
> aging, undocumented authoritative servers I inherited. I want to hide the
> primary server on our internal network and have two secondary servers be
> publicly available. While reading the DNSSEC Guide
> <https://bind9.readthedocs.io/en/v9_18_9/dnssec-guide.html#recipes> recipes
> it seems to imply that I cannot have a hidden primary that handles all the
> DNSSEC stuff.

Many people do exactly that. Check out the “Bump in the Wire” Signing section. In my opinion, this is the best way to do things, and the in-place signing is just a total pain.
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
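
Added example, not part of the original thread and not taken from the ISC guide: a named.conf sketch for BIND 9.18 of the layout asked about above, with a hidden primary that signs the zone and two public secondaries that only transfer the signed result. The zone name, file paths, all addresses (10.0.0.53, 192.0.2.53, 198.51.100.53), the key name "xfer-key" and its secret are placeholders assumed for illustration.

```conf
# ---- hidden primary (internal, 10.0.0.53 is a placeholder) ----
# Placeholder TSIG key; generate a real one with tsig-keygen and
# install the same key on both secondaries.
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_TSIG_SECRET";
};

options {
    directory "/var/named";
    recursion no;                      # authoritative only
    allow-transfer { none; };          # deny by default, open per zone
};

zone "example.com" {
    type primary;
    file "example.com.db";             # unsigned source zone
    dnssec-policy default;             # named manages keys and signatures
    inline-signing yes;                # required in 9.18 for a static zone file
    # The zone's NS records list only the public secondaries, so
    # send NOTIFY to them explicitly.
    notify explicit;
    also-notify { 192.0.2.53; 198.51.100.53; };
    # Only holders of the TSIG key may pull the signed zone.
    allow-transfer { key "xfer-key"; };
};

# ---- each public secondary (192.0.2.53 / 198.51.100.53 are placeholders) ----
key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_TSIG_SECRET";
};

options {
    directory "/var/named";
    recursion no;
    allow-transfer { none; };          # secondaries do not re-export the zone
};

zone "example.com" {
    type secondary;
    file "secondary/example.com.db";   # receives the already-signed zone
    primaries { 10.0.0.53 key "xfer-key"; };
};
```

The secondaries hold no DNSSEC private keys; only the hidden primary does, and the DS record published in the parent zone must match the key it generates.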