Hi all,
reading about the various ways to sign zones, inline-signing seems to be the
simplest one. However, a 2014 Swiss howto I found has this obscure warning:

    Update Nov 2017: DNSSEC zone signing as described here is outdated.
    We strongly recommend against the method described in this blog post.
    Newer BIND versions or other DNS software have greatly simplified
    DNSSEC signing.

https://securityblog.switch.ch/2014/11/13/dnssec-signing-your-domain-with-bind-inline-signing/

The (old) text has inline signing exemplified like so:

    zone example.com {
        type master;
        file "/etc/bind/zones/db.example.com";
        # publish and activate dnssec keys
        auto-dnssec maintain;
        # use inline signing
        inline-signing yes;
    };

Did a better way arrive between 2014 and 2017? What does that warning mean?
Thank you
Ale
--
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list