hi mark
>> hidden primary can not sign. can the public primary which fetches
>> from it, and happens to be primary for the parent zone, do bitw
>> signing?
>
> In-line signing is the concept you are looking for and yes named
> supports it.
i know bind9 does bitw. happy to learn it is called inline-signing.
sorry not to have been clear. i want to sign a zone where the server is
secondary. i.e. may i use
zone "foo.bar" {
type slave;
file "secondary/bar.foo"; // yes, i like dir list to alpha sort
...
auto-dnssec maintain;
inline-signing yes;
}
looking at example 2 in https://kb.isc.org/docs/aa-00626, i think that
this will work, i.e. there will be a `secondary/bar.foo.signed` from
which i can extract the DS needed by the parent zone, the server will
send notifies etc.
randy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
