Automated DNSSEC (command line)
Mark Andrews
marka at isc.org
Fri May 28 23:06:40 UTC 2010
In message <20100528211806.GX4692 at tamay-dogan.net>, Michelle Konzack writes:
> Hello DNSSEC Experts,
>
> I am ongoing to install 4 new Name Servers and increse my registrar and
> hosting service... =20
>
> OK, I have tried to make my own 4 domains with 16 zones signed and it
> took me one hour of my life!
>
> Since I have to re-sign the zones if something change it will give me
> headaches up to the end of my life, so my queston is:
>
> Is there a command line tool (or a daemon) which
> check for changes and re-sign the zone automated?
>
> I can not believe, that you are signing each zone by hand! :-D
>
> Can an expert please check 'dig ANY tamay-dogan.net' whether this is
> right?
>
> Also I am not realy sure whether I need "dnssec-validation yes" in my
> "options".
>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>
> --=20
> ##################### Debian GNU/Linux Consultant ######################
> Development of Intranet and Embedded Systems with Debian GNU/Linux
>
> itsystems at tdnet France EURL itsystems at tdnet UG (limited liability)
> Owner Michelle Konzack Owner Michelle Konzack
>
> Apt. 917 (homeoffice)
> 50, rue de Soultz Kinzigstra=DFe 17
> 67100 Strasbourg/France 77694 Kehl/Germany
> Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
> Tel: +33-9-52705884 fix
>
> <http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
> <http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>
>
> Jabber linux4michelle at jabber.ccc.de
> ICQ #328449886
>
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
You can just let named re-sign the zone for you. Treat the zones
as dynamic and named from BIND 9.6 onwards will maintain the
signatures for you.
Use nsupdate to change the contents of the zone.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list