Stephane Bortzmeyer wrote: >> We have plans to improve this in 9.7.x (where x probably equals 1) >> in a couple of ways: first, by making it possible to assign each key >> an explicit successor key and warn the user if a key is set to >> expire without a successor; second, by making it possible to >> configure named itself to generate new keys. > > I'm not sure it is a good idea. BIND is already quite loaded in > features. Why not relying on dedicated free software such as > OpenDNSSEC <http://www.opendnssec.org/>?
I've looked at OpenDNSSEC, and while I think it is a great product that will do good things for lots of people, I think that it is complex, adds many additional dependencies to the system on which it runs and makes the maintainer responsible for yet another set of complicated configuration files. The additions to BIND will allow the automatic maintenance of the zones and keys without adding database management software, etc. AlanC (and yes, I work for ISC, so I'm a bit prejudiced)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users