kasp-policy and catalog zones

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

kasp-policy and catalog zones

BÖSCH Christian

Hi,

 

Is there a plan when the option for KASP "dnssec-policy" within

a catalog member zone will be available?

Just like with allow-transfer.catalog.example. IN APL ….

 

Thanks,

Christian


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: kasp-policy and catalog zones

Matthijs Mekking
Hi Christian,

There are no plans for this.

While technically a secondary can have a "dnssec-policy" statement
(acting as a bump-in-the-wire signer), signing a zone is mainly a
primary server responsibility and a policy configuration does not need
to be transferred to its secondaries.

For now I would suggest just add the zone with `rndc addzone` to the
primary or update the primary name server configuration and add the
"dnssec-policy" option.

Best regards,

Matthijs

On 9/18/20 7:52 PM, BÖSCH Christian wrote:

> Hi,
>
>  
>
> Is there a plan when the option for KASP "dnssec-policy" within
>
> a catalog member zone will be available?
>
> Just like with allow-transfer.catalog.example. IN APL ….
>
>  
>
> Thanks,
>
> Christian
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users
>

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (499 bytes) Download Attachment