Re: Scripts for zsk rollover in 9.7

2010-02-23 Thread Evan Hunt
> I'm not sure it is a good idea. BIND is already quite loaded in
> features. Why not rely on dedicated free software such as
> OpenDNSSEC?

AFAIK, OpenDNSSEC works fine with 9.7. (And it rocks and everyone should check it out.) But there's room for both approaches

Re: Scripts for zsk rollover in 9.7

2010-02-23 Thread Alan Clegg
Stephane Bortzmeyer wrote:
>> We have plans to improve this in 9.7.x (where x probably equals 1)
>> in a couple of ways: first, by making it possible to assign each key
>> an explicit successor key and warn the user if a key is set to
>> expire without a successor; second, by making it possible to

Re: Scripts for zsk rollover in 9.7

2010-02-23 Thread Stephane Bortzmeyer
On Sat, Feb 20, 2010 at 09:15:23PM +, Evan Hunt wrote a message of 22 lines which said:
> We have plans to improve this in 9.7.x (where x probably equals 1)
> in a couple of ways: first, by making it possible to assign each key
> an explicit successor key and warn the user if a key is set

Re: Scripts for zsk rollover in 9.7

2010-02-20 Thread Evan Hunt
> So before I go rolling my own perl solution to read the
> metadata out of the keyfiles and do the ZSK rolls, are
> there any utilities that do this in 9.7. It looks like when
> a zsk expires, bind's auto-signing will just drop it from
> the zone.

I recommend that you not set an expiration date f