Native pkcs#11 and auto-dnssec feature

Catalin Leanca catalinl at
Wed Apr 8 16:21:45 UTC 2015


It helps only for dnssec-keyfromlabel tool that accepts "-l" parameter,
but for dnssec-signzone i didn't find any reference. And the main problem
is automatically internal signing with "auto-dnssec".

On 08/04/15 18:21, Jeremy C. Reed wrote:
>> My question is about auto-dnssec feature that maintain zone by
>> internally signing RRs. How this feature will work without a PIN since
>> BIND needs access to private key when it needs to resign automatically
>> and i did't find a way to provide the PIN throught configuration files
>> ?
> Hi,
> Does the reference manual section about proving the PIN help?

More information about the bind-users mailing list