Peter Fraser <[email protected]> wrote:
>
> I am using bind-9.14.x and here are the DNSSEC related entries in the zone.
>
> auto-dnssec maintain;
> update-policy local;
> key-directory “zones/domain-keys”;
How you go about this depends on whether your configuration enables
`inline-signing` or not.
If it has inline-signing, you should see in the filesystem that each zone
file has .signed (and possibly .jnl) files alongside. You can update the
zone using
(edit the non-.signed zone file)
rndc reload
If it does not have inline-signing I prefer to use `nsupdate` to update
the zones, usually with my `nsdiff` or `nsvi` tools. Or you can,
rndc freeze
(edit the zone file)
rndc thaw
https://dotat.at/prog/nsdiff/
Tony.
--
f.anthony.n.finch <[email protected]> https://dotat.at/
Biscay: Southwest 3 to 5 increasing 5 to 7. Rough, occasionally
moderate in east, becoming very rough in west. Thundery showers. Good,
occasionally poor.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
