Automatic RRSIG Refresh in BIND 9.8.2

Tony Finch dot at
Wed Jul 12 12:28:35 UTC 2017

Latitude <arlendelcastillo at> wrote:
> Should DNSSEC key signing keys and zone signing keys also be located in a
> directory inside the /dynamic directory? Would it be acceptable to have them
> in a directory such as /var/named/chroot/etc/keys/dnssec?

On my master server I have zone files and journals in a .../zone/
directory writable by named, and DNSSEC keys in a different .../key/
directory read-only for named, but writable by a semi-privileged user
that is responsible for key maintenance.

f.anthony.n.finch  <dot at>  -  I xn--zr8h punycode
Shannon: Variable 3, becoming west 4 or 5. Moderate. Occasional drizzle.
Moderate or good.

More information about the bind-users mailing list