[Pdns-users] DNSSEC live signing in complex setup
Jan-Piet Mens
jpmens.dns at gmail.com
Fri May 24 16:49:24 UTC 2013
Klaus,
> I did some basic testing and everything works fine, except that the
> SOA's serial stays constant also during ZSK and KSK roll-overs. Is
> this the expected behavior? E.g. Bind in inline-signing mode
> increases the serial on roll-overs and re-signing.
Have you looked at (and tweaked) the SOA-EDIT domainmetadata? You set it
on a per/zone basis, and it bumps the SOA serial number in one of
several formats for you.
> Is there anything further I have to worry about? IMO it is "to easy"
> to add live signing. :-)
My head is a bit woozy, so I haven't very carefully studied your
message, but no: it is indeed very easy to add live signing to PowerDNS :)
-JP
More information about the Pdns-users
mailing list