Thanks, I will head on over and take a look, sounds like something I should be interested in. Now if FreeBSD would just add 9.9 to the ports collection, it would save me from having to build it by hand..
--- Howard Leadmon > -----Original Message----- > From: Michael Graff [mailto:mgr...@isc.org] > Sent: Wednesday, January 11, 2012 10:48 AM > To: Howard Leadmon > Cc: bind-users@lists.isc.org > Subject: Re: DNSSEC made simple, is this possible? > > ISC is also, by pure luck, offering a web seminar on inline signing in BIND 9.9 > today. While the first one starts in 15 minutes as I write this message, there > are a total of three sessions today. > > Head on over to http://www.isc.org/webinar to find out the times and > information on how to join. > > Sorry for my rather short answer before, but I wanted to check that this was > indeed a public presentation before I sent people to a customer-only one. > > --Michael > > On Jan 11, 2012, at 9:31 AM, Howard Leadmon wrote: > > > > > OK, in an attempt to start using DNSSEC over here, I suppose I bit > > myself in the backside, and even spending some time using googlefu I > > still haven't quite figured this all out. > > > > I am currently running the current BIND 9.8.1, and setup to support > DNSSEC. > > After reading around a bit, I saw that setting auto-dnssec in the > > config would read in the keys and sign the zones automatically, this > seemed in > > theory to be perfect, so I configured it this way. After that the domains > > were signed, and going to places like the verisign debugger showed my > > domain was happily secured with DNSSEC. > > > > Then I go to make a change to my DNS file, whoa was I in for a shock, > > as apparently BIND took my nice text file for DNS I have edited for ages, > and > > converted it into a full signed zone. Try and edit that file, and if > > course it bitches about it no longer matching the .jnl file and drops the > > zone. This sure makes it hard to update things, well the way I am used to > > doing it. > > > > So I guess my million dollar question is, I want to use DNSSEC (it's > > actually working now), but I want to be able to edit my zone files the > > way I always have for many years, and just have BIND sign the zones with > the keys > > and update as needed to keep DNS running smoothly. Is there some easy > way > > to do this, some scripts someone has made, or some documentation to > > walk me through accomplishing this? > > > > I can't believe there aren't a lot of others that have run DNS just as > > I have for years and years, and just want a nice simple way to keep using > BIND > > and implementing the new security for the domains I manage. I have > googled > > till I have about turned blue, and maybe I am missing it, but I have > > seen some very complex keymanagement systems and so forth, I have no > > need for anything that complex, so figure I am missing the solution that is > hiding > > someplace. Any pointers?? > > > > > > --- > > Howard Leadmon > > > > > > > > _______________________________________________ > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > > unsubscribe from this list > > > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users