[dns-operations] DS keys for child zones on same server & inline signing

Joe Abley jabley at hopcount.ca
Fri Mar 15 17:03:32 UTC 2013


On 2013-03-15, at 13:01, Tony Finch <dot at dotat.at> wrote:

> Joe Abley <jabley at hopcount.ca> wrote:
>> 
>> If you want online signing to work nicely, edit the zone using dynamic
>> updates/nsupdate.
>> 
>> If you're editing the zone manually, be sure to rndc freeze/thaw around
>> your edits.
> 
> I thought that wasn't necessary with inline-signing mode.

Right, but I think inline-signing implies either DNS UPDATE or IXFR. Manually editing a zone file without rolling the journal back in first is universally bad, I think.


Joe




More information about the dns-operations mailing list