Jan-Piet Mens wrote:
>> A Beginner's Guide to DNSSEC with BIND 9.
> Well done! A few comments, if I may:
{snip}
Thanks JP, I really appreciate the feedback. I'll take all of that onboard,
change my zones and guide from master/slave to primary/secondary, and take a
look at TSIG as well.
As PGNet Dev said, I would also be interested to hear more about
"inline-signing might go away". In fact when creating my first DNSSEC zone I
initially *did not* include this statement in the zone file, but this caused
named to fail to start and it threw the following error:
'dnssec-policy;' requires dynamic DNS or inline-signing to be configured for
the zone
Like PGNet Dev I would also prefer to continue to hand-edit my zone files for
the time being (rather than using a tool such as nsupdate) so I'm interested to
hear if this will still be supported or what the roadmap is for deprecating the
ability to hand-edit these files for DNSSEC-enabled zones.
Once again many thanks for taking the time to provide feedback and advice, I
really appreciate it. I'll take any further comments off-list.
Best,
Richard.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
