Using DNSSec with BIND

Alan Clegg alan at
Wed Oct 26 21:22:34 UTC 2011

On 10/26/2011 1:53 PM, Mike Rostermund wrote:
> Hi all,
> I've managed to set up two new DNS servers. One as a master, and the
> second as a slave.
> All works perfectly using the traditionally DNS services, but I want to
> get DNSSec up and running.
> So far I've managed to create the key's needed for my zones, sign the
> zones, load these zones into
> BIND and I can query to get a correct answer if I ask for it (with all
> DNSSec stuff added).
> My question is now: What is the best practice for resigning the zones?

BIND 9.7 or newer, dynamic zones and "auto-dnssec maintain;"

alan at | aclegg at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list