manage managed-keys?
Gilles Massen
gilles.massen at restena.lu
Mon Jul 19 12:44:02 UTC 2010
Evan,
Evan Hunt wrote:
>> How do you manage "managed-keys"?
> BIND 9.7.2 will introduce a command "rndc secroots" that dumps
> a list of the current trust anchors for each view to a file.
Thanks, good to know.
> To remove a key from managed-keys.bind, just remove the initial key
> for that name from the managed-keys statement in named.conf and run
> "rndc reconfig". Any keys found in managed-keys.bind that don't have
> a matching key name in in named.conf are removed.
Ok, that's good enough.
BTW, does bind keep track of a trust anchor history, i.e. the chain from
the configured initial key to the now current TA? Or does it just keep
the 'last known good'?
Gilles
--
Fondation RESTENA - DNS-LU
6, rue Coudenhove-Kalergi
L-1359 Luxembourg
tel: (+352) 424409
fax: (+352) 422473
More information about the bind-users
mailing list