In message <2274914.OQEsm7p8Dx@dan>, "Daniel A. Ramaley" writes:
> On 2016-07-05 at 15:26:31 Tony Finch wrote:
> > There is a third option:
> >
> > 3) Maintain zone files with a text editor, and use inline-signing mode
> > to get named to sign them.
> >
> > For option 3 you don't want an update-policy clause.
>
> OK, that's actually the behavior that i was trying to achieve. Earlier i
> tried commenting out the update-policy line and doing some testing and
> it didn't work. But then i discovered a permissions problem on some of
> the key files. Once i fixed the key files permissions, Bind started
> behaving exactly the way i'd like it to!
>
> Thanks again for the help! I've done enough testing now that i'm
> reasonably confident Bind is behaving the way we want it to, where we
> can maintain the zone files with a text editor, but let Bind manage the
> signing.

If you want to use an editor you can always use contrib/zone-edit.sh
which uses nsupdate to perform the actual updates after editing the
zone contents. The script transfers the current zone from the server
and strips out most of the DNSSEC records prior to editing.

Really large changes need to be done in smaller chunks but for day
to day changes it should be not significantly different from what
is currently being done and you don't have to remember to update
the serial.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
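
Added example, not part of the original thread and not taken from the BIND distribution: a named.conf zone stanza for the setup discussed above, where the zone file is edited by hand, named signs it in inline-signing mode, and there is no update-policy clause. The zone name, file path and key directory are placeholders, and `auto-dnssec maintain` is an assumption about how the keys are managed, as in BIND 9 releases of that period.

```conf
// Constructed example; zone name and paths are placeholders.
zone "example.org" {
    type master;

    // Unsigned zone file, maintained with a text editor.
    // named keeps its signed copy next to it (example.org.db.signed)
    // and never rewrites this file.
    file "/var/named/master/example.org.db";

    // Sign the zone inside named instead of serving the file as written.
    inline-signing yes;

    // Assumption: named finds the keys in key-directory and does the
    // signing and re-signing itself.
    auto-dnssec maintain;

    // The K*.key and K*.private files here must be readable by the
    // account named runs as; if they are not, signing does not happen.
    key-directory "/var/named/keys";

    // Deliberately no update-policy or allow-update clause:
    // all changes are made by editing the zone file.
};
```

After each edit of the zone file, increase the SOA serial and run `rndc reload example.org` so that named picks up the change and signs the new records.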

