AW: Deprecating auto-dnssec and inline-signing in 9.18+
Tim Daneliuk
tundra at tundraware.com
Tue Aug 10 16:24:31 UTC 2021
On 8/10/21 10:07 AM, Matthijs Mekking wrote:
>> So just to be sure I'm doing the right thing, I've added this to my
>> options stanza:
>>
>> dnssec-policy "default";
>>
>> Then restarted named and now all the signing magic is taken care of for
>> me for all zones? (I was not previously using signing.)
>
> Correct.
>
> But you still need to manually submit the DS record to your registrar/parent and if you see the DS published run:
>
> rndc dnssec -checkds published <zone>.
I've never done any of the signing work before (other than for master/slave).
Could you kindly point me to something like
"DS Record Creation And Implementation For Dummies"?
Thanks,
----------------------------------------------------------------------------
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
More information about the bind-users
mailing list