auto RRSIG enable

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

auto RRSIG enable

rams
Hi,
Do we need to set any option in named.conf for auto RRSIG generation in bind? 
Can anyone help me on this.

Regards,
Ramesh

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: auto RRSIG enable

Nyamkhand Buluukhuu
Hello,

Yes you can define below configurations in your options:

       inline-signing yes;

This configuration automates your signing zone tasks as whenever you change, add, delete your records or signature expired, named automatically re-sign your zone data with the keys in your key-directory.

        

       auto-dnssec maintain;

This is for the automated key management. With this option enabled, named will periodically check if there are new key available, or expired key and manage DNSKEY records. It's very helpful when you renew your keys.



Have a nice day :)

BR, NYAMKHAND Buluukhuu

 

Engineer

TPD/ETSD

UNESCO street - 28, MPM Complex

Ulaanbaatar -14220, Mongolia

Mobile:   (976) 94081017

Web:       www.mobicom.mn

 

Before you start - Be safety smart

 




From: bind-users <[hidden email]> on behalf of rams <[hidden email]>
Sent: Monday, November 2, 2020 2:14 PM
To: bind-users <[hidden email]>
Subject: auto RRSIG enable
 
Hi,
Do we need to set any option in named.conf for auto RRSIG generation in bind? 
Can anyone help me on this.

Regards,
Ramesh

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: auto RRSIG enable

Matthijs Mekking
And in 9.16 you can use the following line to sign your zones:

   dnssec-policy default;

And you can create your own dnssec-policy if you need a different
signing configuration.

Best regards,

Matthijs

On 11/2/20 7:20 AM, Nyamkhand Buluukhuu wrote:

> Hello,
>
> Yes you can define below configurations in your options:
>
>        inline-signing yes;​
>
> This configuration automates your signing zone tasks as whenever you
> change, add, delete your records or signature expired, named
> automatically re-sign your zone data with the keys in your key-directory.​
>
>         ​
>
>        auto-dnssec maintain;​
>
> This is for the automated key management. With this option enabled,
> named will periodically check if there are new key available, or expired
> key and manage DNSKEY records. It's very helpful when you renew your keys.
>
>
>
> /Have a nice day :)/**
>
> *BR, NYAMKHAND Buluukhuu*
>
> * *
>
> *Engineer*
>
> *TPD/ETSD*
>
> UNESCO street - 28, MPM Complex
>
> Ulaanbaatar -14220, Mongolia
>
> Mobile:   (976) 94081017
>
> Web:       www.mobicom.mn<http://www.newcom.mn/>
>
>  
>
> /Before you start - Be safety smart///
>
>  
>
>
>
> ------------------------------------------------------------------------
> *From:* bind-users <[hidden email]> on behalf of rams
> <[hidden email]>
> *Sent:* Monday, November 2, 2020 2:14 PM
> *To:* bind-users <[hidden email]>
> *Subject:* auto RRSIG enable
>  
> Hi,
> Do we need to set any option in named.conf for auto RRSIG generation in
> bind? 
> Can anyone help me on this.
>
> Regards,
> Ramesh
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (499 bytes) Download Attachment