AW: AW: Specifying NSEC3 salt with dnssec-policy

Klaus Darilion klaus.darilion at nic.at
Tue Oct 1 12:45:04 UTC 2024


> > I always had the impression that dnssec-signzone is a stand-alone
> > utility and signing is done either with dnssec-signzone or with
> > Bind's dnssec-policy. Does it really work to use dnssec-signzone on a
> > zone and journal that is managed by named?
> 
> No, it doesn't work like that. You turn off automatic signing and use
> dnssec-signzone manually to sign the zone.
> 
> I was under the impression that you needed to sign a zone with a
> specific salt. dnssec-signzone can do that for you.

OK. So this is a worst-case workaround. I was hoping to find a workaround with Bind9 still doing all the signing automatically :)

Thanks
Klaus

