I use an unsigned hidden master I maintain from inside my local network.
This feeds a secondary server where the signing is done and it acts as
a master to other secondaries. Works well. Started as an experiment
and works well enough I've left it alone.
Hidden master >> DNSSEC signing
hi mark
>> hidden primary can not sign. can the public primary which fetches
>> from it, and happens to be primary for the parent zone, do bitw
>> signing?
>
> In-line signing is the concept you are looking for and yes named
> supports it.
i know bind9 does bitw. happy to learn it is called in
In-line signing is the concept you are looking for and yes named supports it.
--
Mark Andrews
> On 22 Jan 2023, at 07:42, Randy Bush wrote:
>
> hidden primary can not sign. can the public primary which fetches from
> it, and happens to be primary for the parent zone, do bitw signing?
>
> r
hidden primary can not sign. can the public primary which fetches from
it, and happens to be primary for the parent zone, do bitw signing?
randy
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support
4 matches
Mail list logo
