Native pkcs#11 and auto-dnssec feature

Catalin Leanca catalinl at rotld.ro
Wed Apr 8 16:21:45 UTC 2015


Hello,

It helps only for dnssec-keyfromlabel tool that accepts "-l" parameter,
but for dnssec-signzone i didn't find any reference. And the main problem
is automatically internal signing with "auto-dnssec".


On 08/04/15 18:21, Jeremy C. Reed wrote:
>> My question is about auto-dnssec feature that maintain zone by
>> internally signing RRs. How this feature will work without a PIN since
>> BIND needs access to private key when it needs to resign automatically
>> and i did't find a way to provide the PIN throught configuration files
>> ?
> Hi,
>
> Does the reference manual section about proving the PIN help?
> http://ftp.isc.org/isc/bind9/9.10.2/doc/arm/Bv9ARM.ch04.html#id2639064



More information about the bind-users mailing list