9.7.0rc1 auto-dnssec control of RRSIG generation
Johan Ihren
johani at autonomica.se
Wed Feb 10 15:40:40 UTC 2010
On 10 Feb 2010, at 16:33, Evan Hunt wrote:
>> All this is fine, but I still don't really see why I should have to fake
>> DDNS updates to trigger re-signing of a static zone. I get that the
>> RRSIGs are changing and that it is mostly a semantic discussion whether
>> the zone is static or not, but I think you understand what I mean.
>
> What do you mean by "fake DDNS updates"?
>
> If you make the zone dynamic (so that it's capable of being updated
> by named), then named will take care of re-signing without having to
> be triggered--it will just notice that signatures need replacing, and
> replace them. You don't have to fake anything; it just takes care of
> itself once you've given it permission to do so.
Aha! Now I'm happy again. That's exactly what I wanted, but I was apparently too dense to understand that this was what you were trying to tell me. Will play with that ASAP.
Thanks,
Johan
More information about the bind-workers
mailing list