dns-sec and Maintaining Human Sanity
Niobos
niobos at dest-unreach.be
Fri Aug 6 11:31:26 UTC 2010
Hi,
On 2010-08-06 13:24, Martin McCormick wrote:
> We are upgrading all DNS and DHCP servers to FreeBSD8.0
> and my plan was to use bind9.6x. If there is a better version for
> dns-sec, best to plan to use it now in order to sleigh as much
> of this dragon which is breathing fire on the edge of town and
> threatens to move in soon.
Definitely consider the 9.7 series! You can enable auto-dnssec which
will maintain your signatures for you out-of-the-box. It also supports
key rollover, but IIRC doesn't generate new keys at this moment.
see for more details:
http://www.isc.org/software/bind/new-features/9.7
http://www.isc.org/community/blog/201006/bind-972-and-and-automatic-dnssec-signing
Niobos
More information about the bind-users
mailing list