Bind 9.9.0b2 inline signing...

Spain, Dr. Jeffry A. spainj at
Wed Nov 23 18:03:24 UTC 2011

Evan: I'd like to ask for clarification. My understanding is that "inline-signing yes:" is necessary to cause bind to keep separate signed and unsigned zone files, and that the source of the unsigned zone file can be a disk file in the case of a master, or a zone transfer in the case of a slave. I further understand that "update-policy local;" is necessary to allow the use of nsupdate on the local machine to operate on the applicable master zone. Therefore if you want to use nsupdate locally and have separate signed and unsigned master zone files, you need both of the above statements in the zone configuration. Would you please comment on any misunderstanding on my part about this.

By the way, I think there is a typo on page 99 of Bv9ARM.pdf: For "inline-signing inline-signing", read "inline-signing".

Thanks. Jeff.

-----Original Message-----
From: at [ at] On Behalf Of Evan Hunt
Sent: Wednesday, November 23, 2011 12:01 PM
To: Jan-Piet Mens
Cc: bind-users at
Subject: Re: Bind 9.9.0b2 inline signing...

> > I did something similar, using nsupdate to modify the unsigned zone 
> > instead of a manual edit. [...]  "rndc reload" is not necessary.
> `rndc reload' never is necessary if you use DDNS to update master zones.

True, but in that situation 'inline-signing' isn't necessary either.  

Evan Hunt -- each at
Internet Systems Consortium, Inc.
Please visit to unsubscribe from this list

bind-users mailing list
bind-users at

More information about the bind-users mailing list