DNSSEC made simple, is this possible?

Tony Finch dot at dotat.at
Wed Jan 11 16:32:25 UTC 2012


Howard Leadmon <howard at leadmon.net> wrote:
>
>  So I guess my million dollar question is, I want to use DNSSEC (it's
> actually working now), but I want to be able to edit my zone files the way I
> always have for many years, and just have BIND sign the zones with the keys
> and update as needed to keep DNS running smoothly.   Is there some easy way
> to do this, some scripts someone has made, or some documentation to walk me
> through accomplishing this?

If you don't want to wait for BIND 9.9 inline-signing as others have
mentioned, have a look at my nsdiff script:

http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff
(use perldoc to format the embedded documentation)

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Sole: Variable 3 or 4. Moderate or rough. Mainly fair. Moderate or good.



More information about the bind-users mailing list