[Opendnssec-user] Added new zones to OpenDNSSEC
Volker Janzen
voja at voja.de
Fri Jul 2 09:27:19 UTC 2010
Hi all,
when I add a new zone to my DNS server, I'm always a bit confused about
the correct workflow. In the docs under "Adding/Removing zones" I just
find a call of "ods-ksmutil zone add --zone example.com". This call works
fine and adds the configuration. But the zone is not signed within
minutes.
By private mail contact with Matthijs I found out that I should send a HUP
signal to the enforcer. I think is cannot be everything needs to be done.
Doing this the unsigned zone file is not found, because zone fetcher
hasn't got it yet.
I'm running a bind with an internal view for OpenDNSSEC with unsigned zone
data and an external view with signed zone for the rest of the world.
When I add a new unsigned zone to bind, what needs to be done to get a
signed zone back to bind?
Should I first call "ods-ksmutil zone add --zone example.com", then
restart all of OpenDNSSEC software and finally reload bind to send AXFR to
OpenDNSSEC or do I have to perform these steps in a different order? After
restarting everything and changing SOA again in bind and reload everything
works, but I don't know how to optimize (or script) this procedure.
Best regards,
Volker Janzen
More information about the Opendnssec-user
mailing list