[dns-operations] DS keys for child zones on same server & inline signing
Joe Abley
jabley at hopcount.ca
Fri Mar 15 17:03:32 UTC 2013
On 2013-03-15, at 13:01, Tony Finch <dot at dotat.at> wrote:
> Joe Abley <jabley at hopcount.ca> wrote:
>>
>> If you want online signing to work nicely, edit the zone using dynamic
>> updates/nsupdate.
>>
>> If you're editing the zone manually, be sure to rndc freeze/thaw around
>> your edits.
>
> I thought that wasn't necessary with inline-signing mode.
Right, but I think inline-signing implies either DNS UPDATE or IXFR. Manually editing a zone file without rolling the journal back in first is universally bad, I think.
Joe
More information about the dns-operations
mailing list