i've read this comment
'inline-signing' might go away and be replaced by dnssec-policy
now a few times, in posts and in docs
currently, WITH 'dnssec-policy' signing enabled & in-use, i've
    zone "example.com" IN {
        type master; file "namedb/primary/example.com.zone";
        dnssec-policy "test";
        inline-signing yes;
        ...
the 'inline-signing yes;' is needed IN ADDITION to 'dnssec-policy' in order to
_not_ overwrite original zone files/data on signing. e.g., with the config
above
    cd namedb/primary/
    ls -1 *example*
        example.com.zone             <==== THIS is the original, unsigned zone data
        example.com.zone.jbk
        example.com.zone.jnl
        example.com.zone.signed      <==== THIS is the signing-generated zone data, which gets propagated
        example.com.zone.signed.jnl
without it, the original "example.com.zone" is overwritten with signed data.
is there already config in, or planned for, 'dnssec-policy' that preserves that
separate-file functionality, preserving the original?
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
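
Added example, not part of the original post and not ISC code: a small audit that reads zone statements from a named.conf and flags zones that set 'dnssec-policy' without 'inline-signing yes;', the case the post reports as overwriting the original zone file. The sample config and the status labels are constructed for illustration; the check looks only inside each zone statement and assumes nothing is inherited from options/view blocks or version defaults.

```python
import re
# Constructed sample (not from the post): one zone per case.
SAMPLE_CONF = '''
zone "example.com" IN {
    type master; file "namedb/primary/example.com.zone";
    dnssec-policy "test";
    inline-signing yes;
};
zone "example.net" IN {
    type master; file "namedb/primary/example.net.zone";
    dnssec-policy "test";
    // inline-signing yes;   (commented out, must not count)
};
zone "example.org" IN {
    type master; file "namedb/primary/example.org.zone";
};
'''
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')

def strip_comments(text):
    """Drop /* */, // and # comments (assumes none occur inside quoted strings)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_blocks(conf):
    """Yield (zone name, statement body), matching nested braces."""
    conf, pos = strip_comments(conf), 0
    while (m := ZONE_RE.search(conf, pos)):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]
        pos = i

def audit(conf):
    """Classify each zone by where, per the post, the signed data ends up."""
    report = {}
    for name, body in zone_blocks(conf):
        policy = re.search(r'\bdnssec-policy\s+"?([^\s";]+)"?\s*;', body)
        inline = re.search(r'\binline-signing\s+(\w+)\s*;', body)
        if not policy or policy.group(1) == "none":
            report[name] = "unsigned"
        elif inline and inline.group(1).lower() in {"yes", "true", "1"}:
            report[name] = "separate .signed file"
        else:
            report[name] = "zone file overwritten"
    return report

print(audit(SAMPLE_CONF))
```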