Evan: I'd like to ask for clarification. My understanding is that "inline-signing yes:" is necessary to cause bind to keep separate signed and unsigned zone files, and that the source of the unsigned zone file can be a disk file in the case of a master, or a zone transfer in the case of a slave. I further understand that "update-policy local;" is necessary to allow the use of nsupdate on the local machine to operate on the applicable master zone. Therefore if you want to use nsupdate locally and have separate signed and unsigned master zone files, you need both of the above statements in the zone configuration. Would you please comment on any misunderstanding on my part about this.
By the way, I think there is a typo on page 99 of Bv9ARM.pdf: For "inline-signing inline-signing", read "inline-signing". Thanks. Jeff. -----Original Message----- From: bind-users-bounces+spainj=countryday....@lists.isc.org [mailto:bind-users-bounces+spainj=countryday....@lists.isc.org] On Behalf Of Evan Hunt Sent: Wednesday, November 23, 2011 12:01 PM To: Jan-Piet Mens Cc: bind-users@lists.isc.org Subject: Re: Bind 9.9.0b2 inline signing... > > I did something similar, using nsupdate to modify the unsigned zone > > instead of a manual edit. [...] "rndc reload" is not necessary. > > `rndc reload' never is necessary if you use DDNS to update master zones. True, but in that situation 'inline-signing' isn't necessary either. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
