Bind and ZSK-Rollovers: Changing salt automatically?
Johannes Kastl
mail at ojkastl.de
Mon Jul 28 19:44:57 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 28.07.14 19:09 Evan Hunt wrote:
> On Mon, Jul 28, 2014 at 06:16:13PM +0200, Johannes Kastl wrote:
>> So basically BIND cannot do that for me, each time it does a key
>> rollover. That's what I wanted to know.
>
> "rndc signing -nsec3param" can change your salt. Specifying "auto"
> as the salt causes named to generate a salt at random.
Good to know.
> There's currently no way to schedule it the way you can schedule
> key rollovers, but you can put it in a crontab.
As I said, knowing that BIND does not do that automatically and I have
to put it in a crontab is exactly what I wanted to know...
Thanks for the answer.
Regards,
Johannes
- --
Sex is like hacking. You get in, you get out, and you hope you didnt
leave something behind that can be traced back to you.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/
iEYEARECAAYFAlPWqDkACgkQzi3gQ/xETbLIQACfUmKFDj49mPw9/WQacLDHjECR
NjkAn0j++xb8pVQm/X/VeUOQ87RNQDOO
=5Fk7
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list