Tony Finch dot at dotat.at
Tue Oct 4 19:37:44 UTC 2011

McConville, Kevin <kmcconville at albany.edu> wrote:
> 1)  Is there any way to have the zsk be auto-generated based upon the
> inactive date listed in the zsk meta-data?

Not yet, though I believe this feature is on the wish list.

> 2)  With a static zone, are the update-policy local and auto-dnssec
> maintain options invalid/don't work? From the docs, they look like they
> are only for automation of dynamic zones?


> 3)  Are there any ways to automate zone signing and zsk
> generation/roll-over with a totally static zone environment?

You can wait for BIND 9.9 and its inline-signing feature. Alternatively,
create a separate live dynamic zone and use something like my nsdiff
script to feed changes from your static zone file into it.
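
The second suggestion above, as an added example that is not part of the original message and is not the nsdiff script: Python that compares a static zone with the live dynamic zone and builds nsupdate input. It assumes class IN and that both zones are given as one record per line ("owner TTL class type rdata"); the function names and sample records are constructed here.

```python
# Added example, not the real nsdiff. Input is assumed to be one record per
# line: "owner TTL class type rdata". All sample records are constructed.
DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM", "DNSKEY"}
SKIP_TYPES = DNSSEC_TYPES | {"SOA"}  # named bumps the SOA serial on each update

STATIC = """\
example.com. 3600 IN SOA ns1.example.com. host.example.com. 2011100401 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
www.example.com. 300 IN A 192.0.2.10
mail.example.com. 300 IN A 192.0.2.25
"""
LIVE = """\
example.com. 3600 IN SOA ns1.example.com. host.example.com. 2011100312 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN DNSKEY 256 3 8 CONSTRUCTEDKEY=
www.example.com. 300 IN A 192.0.2.9
www.example.com. 300 IN RRSIG A 8 3 300 constructed-signature
old.example.com. 300 IN A 192.0.2.99
"""


def parse_records(text):
    """Return a set of (owner, ttl, type, rdata), minus SOA and DNSSEC types."""
    records = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 5:
            raise ValueError(f"not one record per line: {line!r}")
        owner, ttl, _cls, rtype, rdata = fields
        if rtype.upper() not in SKIP_TYPES:  # signing data belongs to named
            records.add((owner.lower(), int(ttl), rtype.upper(), " ".join(rdata.split())))
    return records


def nsupdate_script(zone, static_text, live_text):
    """Build nsupdate input that makes the live zone match the static file."""
    static, live = parse_records(static_text), parse_records(live_text)
    lines = [f"zone {zone}"]
    # Deletions first, so a changed TTL or rdata is removed before the re-add.
    for owner, _ttl, rtype, rdata in sorted(live - static):
        lines.append(f"update delete {owner} IN {rtype} {rdata}")
    for owner, ttl, rtype, rdata in sorted(static - live):
        lines.append(f"update add {owner} {ttl} IN {rtype} {rdata}")
    if len(lines) == 1:
        return ""  # zones already agree; nothing to send
    return "\n".join(lines + ["send"]) + "\n"
```

The DNSKEY and RRSIG records in the live zone are left out of the comparison, so the generated update never deletes the signing data that named maintains.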


