DNSSEC and IXFR
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Jan 5 13:52:02 UTC 2012
>> Is it possible to update DNSSEC-signed domain, re-sign and generate
>> small differencies to be transferred by IXFR?
>>
>> Does it apply with dynamic updates, and with manually configur4ed
>> zones (via ixfr-from-differencies turned on)?
On 25.11.11 17:18, Evan Hunt wrote:
>It works fine with dynamic updates, and as of 9.9.0 it will also work
>with manually configured zones that have inline-signing turned on.
And for example, when a simple RR addition/deletion is issued, is a
while zone re-signed or does just newly added record with proper NSEC
records issued, so the change can be transferred as a very simple IXFR
removing old NSEC and adding new record with tro NSEC's ?
Or, is there something I don't understand correctlt about DNSSEC?
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
More information about the bind-users
mailing list