Migration to inline-signing
Michael Richardson
mcr at sandelman.ca
Sat May 17 14:35:01 UTC 2025
Crist Clark <cjc+bind-users at pumpky.net> wrote:
> Tired of looking at the log messages warning me that inline-signing
> will be the default in 9.20. I want to convert my 9.18 to using
> inline-signing. Right now all of the zones use dnssec-policy and are
> dynamic.
My experience was that it was best to do bump-in-the-xfer signing.
I created a view "authoritative" loaded all my zones there, then created a
view called "signing", and had the signing view xfer, do-managed-signing, and
serving it.
I have a blog entry somewhere on this, which I can't locate right now.
More information about the bind-users
mailing list