Scripts for zsk rollover in 9.7

Alan Clegg aclegg at isc.org
Tue Feb 23 15:01:48 UTC 2010


Stephane Bortzmeyer wrote:

>> We have plans to improve this in 9.7.x (where x probably equals 1)
>> in a couple of ways: first, by making it possible to assign each key
>> an explicit successor key and warn the user if a key is set to
>> expire without a successor; second, by making it possible to
>> configure named itself to generate new keys.
> 
> I'm not sure it is a good idea. BIND is already quite loaded in
> features. Why not relying on dedicated free software such as
> OpenDNSSEC <http://www.opendnssec.org/>?

I've looked at OpenDNSSEC, and while I think it is a great product that
will do good things for lots of people, I think that it is complex, adds
many additional dependencies to the system on which it runs and makes
the maintainer responsible for yet another set of complicated
configuration files.

The additions to BIND will allow the automatic maintenance of the zones
and keys without adding database management software, etc.

AlanC (and yes, I work for ISC, so I'm a bit prejudiced)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100223/9dfef644/attachment.bin>


More information about the bind-users mailing list