Using DNSSec with BIND

Mike Rostermund mike at
Wed Oct 26 17:53:56 UTC 2011

Hi all,

I've managed to set up two new DNS servers. One as a master, and the 
second as a slave.
All works perfectly using the traditionally DNS services, but I want to 
get DNSSec up and running.
So far I've managed to create the key's needed for my zones, sign the 
zones, load these zones into
BIND and I can query to get a correct answer if I ask for it (with all 
DNSSec stuff added).

My question is now: What is the best practice for resigning the zones?

I dont want to manually sign the zones each time they run out.
So what is 'usual' way to make this happen? There must be some sort of 
nice way, so I dont have to
create some nasty homebrew shellscript and add such as a cronjob.

Best regards
Mike Rostermund

More information about the bind-users mailing list