Problem solved.
Manual helped: "If the label contains a pin-source field, tools using
the generated key files will be able to use
the HSM for signing and other operations without any need for an
operator to manually enter a
PIN."
Thank you !
On 08/04/15 19:21, Catalin Leanca wrote:
Hello,
It helps only for dnssec-keyfromlabel tool that accepts "-l" parameter,
but for dnssec-signzone i didn't find any reference. And the main problem
is automatically internal signing with "auto-dnssec".
On 08/04/15 18:21, Jeremy C. Reed wrote:
My question is about auto-dnssec feature that maintain zone by
internally signing RRs. How this feature will work without a PIN since
BIND needs access to private key when it needs to resign automatically
and i did't find a way to provide the PIN throught configuration files
?
Hi,
Does the reference manual section about proving the PIN help?
http://ftp.isc.org/isc/bind9/9.10.2/doc/arm/Bv9ARM.ch04.html#id2639064
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
