kasp-policy and catalog zones
Matthijs Mekking
matthijs at isc.org
Tue Sep 22 14:17:54 UTC 2020
Hi Christian,
There are no plans for this.
While technically a secondary can have a "dnssec-policy" statement
(acting as a bump-in-the-wire signer), signing a zone is mainly a
primary server responsibility and a policy configuration does not need
to be transferred to its secondaries.
For now I would suggest just add the zone with `rndc addzone` to the
primary or update the primary name server configuration and add the
"dnssec-policy" option.
Best regards,
Matthijs
On 9/18/20 7:52 PM, BÖSCH Christian wrote:
> Hi,
>
>
>
> Is there a plan when the option for KASP "dnssec-policy" within
>
> a catalog member zone will be available?
>
> Just like with allow-transfer.catalog.example. IN APL ….
>
>
>
> Thanks,
>
> Christian
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200922/8cf7c454/attachment.bin>
More information about the bind-users
mailing list