Am 26.01.2013 um 00:39 schrieb Michael W. Lucas:
Hi,
I'm trying to automate key rollover with BIND 9.9.2 (will soon upgrade
to new rev). I have a couple of elementary questions that seem to be
answered briefly in the documentation, but I suspect that my grasp of
key rollover is clouded by
Hello,
we have a few BIND (9.9) slave servers, each slaving a couple of hundred
thousand small zones (a dozen records in each). A file included into
named.conf is periodically generated from a database, and named is
reconfigured (rndc reconfig) to load new slave zones.
I'm considering replacing
On Sat, Jan 26, 2013 at 10:49:39AM +0100, Axel Rau wrote:
Am 26.01.2013 um 00:39 schrieb Michael W. Lucas:
It's your responsibility to create the keys and to renew the DS-RR with your
registrar.
Thank you for the straightforward answer.
I have written a python3 script which does all this
What are other people using to automate key rollovers with 9.9?
Michael: I automated mine by generating a set of 9 ZSKs and 2 KSKs for each
zone in advance, setting the timing metadata to achieve a 90-day prepublication
rollover cycle for the ZSKs and a 720-day rollover cycle for the KSKs.
- Original Message -
What are other people using to automate key rollovers with 9.9?
I use cron to generate new ZSKs at regular intervals (1st of every 3rd month,
with a 10 day window.) and do periodic resigns (every payday, and rely on the
tools to handle the rollover correctly.
1. Is named 'deaf' during an `rndc addzone'? I don't think so, but I'm
finding it hard to determine definitely. I'm primarily concerned with
named being able to handle any NOTIFYs it gets.
The addzone task (like several other rndc commands) will temporarily
acquire exclusive control of
6 matches
Mail list logo
