And make sure named knows where the keys are "key-directory <path>;"
> On 14 Dec 2018, at 11:42 am, Mark Andrews <ma...@isc.org> wrote:
>
> auto-dnssec maintain;
>
>> On 14 Dec 2018, at 11:39 am, Edwardo Garcia <wdgar...@gmail.com> wrote:
>>
>> zone "xxxxxxxx.com" {
>>     type master;
>>     allow-transfer { sysops; slaves; };
>>     file "xxxxxxxxxx.signed";
>>     allow-query { any; };
>>     allow-update { key "corp"; };
>> };
>>
>> This is what we use now, so by dynamic update we are doing yes?
>>
>> And now we need just have named do automatic (re)signing?
>> Last time we tried, we kept killing our domain so google fail us, do you
>> know of a valid reference URL that is clear? that would be good?
>> Thanks
>>
>> On Fri, Dec 14, 2018 at 10:24 AM Mark Andrews <ma...@isc.org> wrote:
>> The best way is to configure your zone for dynamic updates and let named
>> automatically resign the zone as needed.
>>
>>> On 14 Dec 2018, at 11:13 am, Edwardo Garcia <wdgar...@gmail.com> wrote:
>>>
>>> Hi,
>>> What is the best practice for signing/re-signing zones with journal?
>>>
>>> We manually resign our domain, and use journaling, resigning is a PIA.
>>> If we forget to thaw, the zone bails and stays unloaded because journal
>>> roll forward error, which bring the question why? since resolution to this
>>> is stop named, remove journal file and restart, could named and rndc not be
>>> smarter in these instance? or at very least, reload zone from file so at
>>> least it does not take unsuspecting peoples off air.
>>>
>>> So, way we (try to remember to) do is:
>>> (modify zonefile if need)
>>> rndc freeze
>>> dnssec-signzone -options
>>> rndc thaw
>>>
>>> or is better way? it is the freeze/thaw we keep forgetting :-!
>>>
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
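
The zone stanza quoted in this thread with both suggestions from the replies applied, as an added example that is not part of the original messages. The key directory path is an assumed placeholder; the ACL names, key name and file name are the ones quoted in the thread.

```conf
// Added example, not from the original thread.
// "/etc/bind/keys" is an assumed placeholder path.
zone "xxxxxxxx.com" {
    type master;
    file "xxxxxxxxxx.signed";
    allow-transfer { sysops; slaves; };
    allow-query { any; };

    // Already present in the poster's config: dynamic updates
    // authorised by the TSIG key "corp".
    allow-update { key "corp"; };

    // Directory where named looks for this zone's DNSSEC key pairs
    // (K<zone>.+<alg>+<id>.key and .private). The account named runs
    // as must be able to read the .private files.
    key-directory "/etc/bind/keys";

    // named signs the zone with the keys found in key-directory and
    // re-signs as needed.
    auto-dnssec maintain;
};
```

With this in place, changes to the zone are made through dynamic update rather than by editing the file, so the `rndc freeze` / `dnssec-signzone` / `rndc thaw` cycle from the original question is no longer part of routine changes.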