[email protected] wrote: > On Thu, Jun 26, 2014 at 10:21:06PM +0100, Jorge Bastos wrote: >> For the DNSSEC part, is there a way to create the DNSSEC information just by >> SQL ? >> >> If not, the solution is to run "pdnssec secure-zone ZONE" in a loop on a >> cron script, am I right? > > I do not know about a SQL only solution for MySQL DNSSEC signing, but I > know that there is a sample schema for Oracle that includes the needed > triggers and functions and that I have a basically complete version of > the same for PostgreSQL that I will be submitting to the PDNS folks once > we have it vetted for production.
Hmm, am I the only one who is concerned about the security of the signing process? Please don't get me wrong. But people are advocating DANE nowadays and aim to completely replace X.509 certs with that. So security of the signed RRs is crucial just like issuing X.509 certs. And yes, I know that it's hard to achieve a higher level of operational security. Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
