> So before I go rolling my own perl solution to read the > metadata out of the keyfiles and do the ZSK rolls, are > there any utilities that do this in 9.7. It looks like when > a zsk expires, bind's auto-signing will just drop it from > the zone.
I recommend that you not set an expiration date for any key until you have created its successor. We have plans to improve this in 9.7.x (where x probably equals 1) in a couple of ways: first, by making it possible to assign each key an explicit successor key and warn the user if a key is set to expire without a successor; second, by making it possible to configure named itself to generate new keys. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
