Is it supported to bootstrap inline signing using dnssec-signzone?
$ named-compilezone -f text -F raw -o example.raw example.com
example.text
$ dnssec-signzone -S -K /etc/bind/keys -O raw -3 ABCDEF -H 19 -A -o
example.com -f example.raw.signed example.text
and then load the two files (example.raw, example.raw.signed) into an
inline signing configuration.
The solution is apparently working fine.
The reason for the above approach is performance. The initial inline
signing is slow (several hours of computing) when signing a large zone.
I have tried different values for "sig-signing-nodes" and
"sig-signing-signatures" - but no luck.
--
Niels Haarbo,
DK Hostmaster A/S
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users