AW: Deprecating auto-dnssec and inline-signing in 9.18+
Tim Daneliuk
tundra at tundraware.com
Tue Aug 10 13:51:04 UTC 2021
On 8/10/21 7:51 AM, Matthijs Mekking wrote:
> Hi Klaus,
>
> On 10-08-2021 13:38, Klaus Darilion wrote:
>> Hi Matthijs!
>>
>>> We would like to encourage you to change your configurations to 'dnssec-policy'. See this KB article for migration help:
>>>
>>> https://kb.isc.org/docs/dnssec-key-and-signing-policy
>>
>> Some comments to this KB article and dnssec-policy:
>>
>> - The article should mention how to retrieve the DS record from
>> Bind.
So just to be sure I'm doing the right thing, I've added this to my
options stanza:
dnssec-policy "default";
Then restarted named and now all the signing magic is taken care of for
me for all zones? (I was not previously using signing.)
TIA,
--
----------------------------------------------------------------------------
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
More information about the bind-users
mailing list