Automatic RRSIG Refresh in BIND 9.8.2
dot at dotat.at
Wed Jul 12 12:28:35 UTC 2017
Latitude <arlendelcastillo at gmail.com> wrote:
> Should DNSSEC key signing keys and zone signing keys also be located in a
> directory inside the /dynamic directory? Would it be acceptable to have them
> in a directory such as /var/named/chroot/etc/keys/dnssec?
On my master server I have zone files and journals in a .../zone/
directory writable by named, and DNSSEC keys in a different .../key/
directory read-only for named, but writable by a semi-privileged user
that is responsible for key maintenance.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Shannon: Variable 3, becoming west 4 or 5. Moderate. Occasional drizzle.
Moderate or good.
More information about the bind-users