[dns-operations] DS keys for child zones on same server & inline signing
each at isc.org
Fri Mar 15 20:21:17 UTC 2013
On Fri, Mar 15, 2013 at 03:03:38PM -0400, Phil Pennock wrote:
> Anyone got a tool that will take a configuration as checked into
> revision control, take the live config, generate a diff and apply that
> as a dynamic update to bring things into sync?
See contrib/zone-edit.sh, in the BIND9 tarball; it does something
along those lines.
But that's also pretty much what inline-signing does internally.
> For determining the current SOA, for increments, I just dig against the
> master auth server and pick something larger.
Note that if you're using inline-signing, then when you query for the
SOA you'll get one from the signed version of the zone, not the raw
version, which will usually have a different serial number. But it's
usually going to be higher, so it's probably safe to do things this way.
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the dns-operations