On 12/04/2023 7:51 pm, Petr Špaček wrote:
> There is a philosophical question whether this is something a DNS server should do.
You make a very good point.
> There are external tools which can automate zone scanning, e.g. https://github.com/CZ-NIC/fred-cdnskey-scanner
It hadn't occurred to me to look for a third-party solution. :-P
> I suppose that it should be possible to glue it to the standard DNS UPDATE mechanism and thus make it work with any standard DNS server.
I must admit I was hoping for a solution that didn't require me to convert my main zone into a dynamic zone - i.e. something that would work within the inline-signing framework. But perhaps I was being overly optimistic?
I've decided I'll stick with manual KSK roll-overs for now... :-)

Thanks again.

Nick.