Joined: 24 Jun 2010
|Posted: Thu Oct 06, 2011 2:37 am Post subject: Using DNSSec with BIND
I've managed to set up two new DNS servers. One as a master, and the second as a slave.
All works perfectly using the traditionally DNS services, but I want to get DNSSec up and running.
So far I've managed to create the key's needed for my zones, sign the zones, load these zones into
BIND and I can query to get a correct answer if I ask for it (with all DNSSec stuff added).
My question is now: What is the best practice for resigning the zones?
I dont want to manually sign the zones each time they run out.
So what is 'usual' way to make this happen? There must be some sort of nice way, so I dont have to
create some nasty homebrew shellscript and add such as a cronjob.