On 08/27/2010 11:32 AM, Alan Clegg wrote:
On 8/27/2010 11:42 AM, CT wrote:

Per my ISC class and the book I received by Jeremy C. Reid ..
you still need to "include" your keys in the zone file either

via
$include <dir>/KSK
$include <dir>/ZSK1
$include <dir>/ZSK2
or
(cat *.key > allkeys) which is what I have done..
$include <dir>/allkeys

I thought that with the use of -S (smart signing) this was no longer
necessary ..?



If you use "-S", dnssec-signzone pulls the keys into the zone file based
on the timing metadata.  You don't need to $INCLUDE the keys any longer.

AlanC


Alan..

Much thanks for the info.. I had to include the keys for my keyset upload to our registrar.. and it did require the keys either in the file
or with an include statement.. so a one time deal then..

Also discovered (was using 9.6.1-16.P3 before) the keyset does not change after re-signing the zone...

One less file to keep up with ..

V/R
Charles
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
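
The behaviour Alan describes for "-S", as an added example that is not part of the original thread and is not ISC's code: a simplified Python model of how smart signing decides, from each key's timing metadata, whether the key is published and used to sign. The "; Field: YYYYMMDDHHMMSS" comment layout, the sample keys and the function names are assumptions made for illustration, and Revoke is not modelled.

```python
import re
from datetime import datetime, timezone

META = re.compile(r"^;\s*(Publish|Activate|Inactive|Delete):\s*(\d{14})", re.M)
RR = "example.com. IN DNSKEY {} 3 5 PLACEHOLDER\n"  # constructed, not real key data

# Constructed .key file contents; the "; Field: YYYYMMDDHHMMSS" comment layout
# is an assumption about dnssec-keygen output in BIND 9.7 and later.
SAMPLE_KEYS = {
    "Kexample.com.+005+11111.key": "; Publish: 20100101000000\n; Activate: 20100101000000\n" + RR.format(257),
    "Kexample.com.+005+22222.key": "; Publish: 20100801000000\n; Activate: 20101001000000\n" + RR.format(256),
    "Kexample.com.+005+33333.key": "; Activate: 20100101000000\n; Inactive: 20100801000000\n" + RR.format(256),
    "Kexample.com.+005+44444.key": "; Activate: 20090101000000\n; Delete: 20100601000000\n" + RR.format(256),
    "Kexample.com.+005+55555.key": RR.format(256),  # older key with no timing metadata
}

def parse_times(text):
    """Return {field: aware datetime} for the timing comments in a .key file."""
    return {field: datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
            for field, stamp in META.findall(text)}

def key_role(text, now):
    """Classify one key as 'sign', 'publish' or 'skip' at time `now`."""
    times = parse_times(text)

    def past(field):
        return field in times and times[field] <= now

    if not times:
        return "sign"      # no timing metadata: published and used to sign
    if past("Delete"):
        return "skip"      # deleted keys are left out regardless of other fields
    if past("Activate"):
        # active keys are published; a retired (Inactive) key stays published only
        return "publish" if past("Inactive") else "sign"
    return "publish" if past("Publish") else "skip"

def plan(keys, now):
    """Map each key file name to its role, which replaces hand-written $INCLUDE lines."""
    return {name: key_role(text, now) for name, text in sorted(keys.items())}

if __name__ == "__main__":
    now = datetime(2010, 8, 27, 15, 32, tzinfo=timezone.utc)
    for name, role in plan(SAMPLE_KEYS, now).items():
        print(f"{role:8} {name}")
```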
