hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

Matthijs Mekking matthijs at isc.org
Thu Jun 17 10:09:56 UTC 2021

On 16-06-2021 17:04, PGNet Dev wrote:
> @jpmens was kind enough to share the original basis for the simple perl 
> He also mentioned
>      Logging of CDS/CDNSKEY generation for workflow
>       https://gitlab.isc.org/isc-projects/bind9/-/issues/1748
> which requests:
>      Would it be possible to log CDS/CDNSKEY generation in such a way as 
> that a "simple" workflow can be implemented in order to create tooling 
> which reacts on the log and performs a dynamic update on a parent zone.
>      Whenever a CDS/CDNSKEY is published in a child zone, BIND could 
> create a log record indicating for which zone this has occurred.
> and appears to have been implemented (?), but not committed/released.

This logging was added in 9.16.7


More information about the bind-users mailing list