I would like to solicit constructive feedback in regards to a distributed DNS
zone hosting proof of concept I'd like to design and establish.
I must deploy a DNS system with the following requirements:
- single master server, multiple slave servers
- minimal time for name resolving for Americas,
Thanks Petr, I'll relocate the zone data files into the /dynamic directory.
Should DNSSEC key signing keys and zone signing keys also be located in a
directory inside the /dynamic directory? Would it be acceptable to have them
in a directory such as /var/named/chroot/etc/keys/dnssec?
Thank you.
Thanks for your reply Tony. Great references. I've got the ARM for 9.8.2
handy but thank you for sending the link to your article and pointing me out
to Section 4.9.3 Fully Automatic Signing. It's been helpful to confirm zone
RRSIGs can refresh automatically.
A zone that was signed with a sigvali
Due to customer requirements, I'm deploying BIND 9.8.2 on RHEL 6.8 and can
neither upgrade BIND to a newer version or upgrade to RHEL 7. I have
successfully configured a master and slave DNS server, DNSSEC, with
Transaction Signatures, and have performed a successful manual zone update,
incremented
4 matches
Mail list logo
