David Alexandre M. de Carvalho <da...@di.ubi.pt> wrote: > A few hints and tips...
> my named.conf already has the following: > > dnssec-enable yes; You don't need this because it's on by default :-) > dnssec-lookaside auto; You want to remove this because the DNSSEC lookaside validation service has been decommissioned. > bindkeys-file "/etc/named.iscdlv.key"; I prefer not to configure this or install the file, instead relying on BIND's compiled-in copy because that means one less thing to maintain. > 2) I have one global "hosts" file and 3 reverse zone files, each for the > respective IP network. Can I use the same Keypair in all of them? Each zone should have its own zsk and ksk (two K*.key and K*.private files for each zone). Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Mull of Galloway to Mull of Kintyre including the Firth of Clyde and North Channel: Northwesterly 4 to 6 backing westerly 3 to 5, then southwesterly 2 to 4 later. Smooth or slight in far north, but elsewhere slight or moderate. Showers, wintry at first. Good, occasionally moderate. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
