the 'inline-signing yes;' is needed IN ADDITION to 'dnssec-policy' in order to
_not_ overwrite original zone files/data on signing.

I cannot confirm that (9.17.22):

% ls -1
example.aa
named.conf

% cat named.conf
options {
        directory ".";
        listen-on port 5301 { 127.0.0.2; };
        recursion no;
        dnssec-validation no;
};

zone "example.aa" in {
        type primary;
        file "example.aa";
        dnssec-policy "default";
};

% named -g -c named.conf  &

% ls -1
Kexample.aa.+013+11677.key
Kexample.aa.+013+11677.private
Kexample.aa.+013+11677.state
example.aa
example.aa.jbk
example.aa.signed
example.aa.signed.jnl
named.conf

The .signed has the signed zone from which BIND serves data, and the original
source file is unchanged.

        -JP