Bind 9.9.0b2 inline signing...
Spain, Dr. Jeffry A.
spainj at countryday.net
Wed Nov 23 18:03:24 UTC 2011
Evan: I'd like to ask for clarification. My understanding is that "inline-signing yes:" is necessary to cause bind to keep separate signed and unsigned zone files, and that the source of the unsigned zone file can be a disk file in the case of a master, or a zone transfer in the case of a slave. I further understand that "update-policy local;" is necessary to allow the use of nsupdate on the local machine to operate on the applicable master zone. Therefore if you want to use nsupdate locally and have separate signed and unsigned master zone files, you need both of the above statements in the zone configuration. Would you please comment on any misunderstanding on my part about this.
By the way, I think there is a typo on page 99 of Bv9ARM.pdf: For "inline-signing inline-signing", read "inline-signing".
From: bind-users-bounces+spainj=countryday.net at lists.isc.org [mailto:bind-users-bounces+spainj=countryday.net at lists.isc.org] On Behalf Of Evan Hunt
Sent: Wednesday, November 23, 2011 12:01 PM
To: Jan-Piet Mens
Cc: bind-users at lists.isc.org
Subject: Re: Bind 9.9.0b2 inline signing...
> > I did something similar, using nsupdate to modify the unsigned zone
> > instead of a manual edit. [...] "rndc reload" is not necessary.
> `rndc reload' never is necessary if you use DDNS to update master zones.
True, but in that situation 'inline-signing' isn't necessary either.
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
More information about the bind-users