9.7.0rc1 auto-dnssec control of RRSIG generation
Evan Hunt
each at isc.org
Wed Feb 10 15:33:25 UTC 2010
> All this is fine, but I still don't really see why I should have to fake
> DDNS updates to trigger re-signing of a static zone. I get that the
> RRSIGs are changing and that it is mostly a semantic discussion whether
> the zone is static or not, but I think you understand what I mean.
What do you mean by "fake DDNS updates"?
If you make the zone dynamic (so that it's capable of being updated
by named), then named will take care of re-signing without having to
be triggered--it will just notice that signatures need replacing, and
replace them. You don't have to fake anything; it just takes care of
itself once you've given it permission to do so.
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-workers
mailing list