[Opendnssec-user] running ODS concurrently on one server

Klaus Darilion klaus.mailinglists at pernau.at
Tue Jul 9 15:02:00 UTC 2013



On 09.07.2013 16:49, Klaus Darilion wrote:
>
>
> On 08.07.2013 17:53, Joe Abley wrote:
>> Hi Klaus,
>>
>> On 2013-07-08, at 09:13, Klaus Darilion
>> <klaus.mailinglists at pernau.at> wrote:
>>
>>> I want to sign a certain zone multiple times: 1x the original zone
>>> + 1x a modified "backup" zone (change SOA serial and maybe some
>>> other records)
>>
>> CIRA's signing infrastructure with .CA provides some experience for a
>> somewhat similar setup. CIRA uses OpenDNSSEC to manage the key
>> policy, and the identities of the keys required to make signature are
>> extracted from the live policy in order to do their parallel signing
>> with BIND9 (they sign with multiple signers and compare the results
>> before publication).
>
> So, they sign with ods-signer and additionally with the bind signing
> tools? Or do they use only the bind signing tools?

Answering myself: Yes, bind+ODS
https://wiki.opendnssec.org/display/USERDOCREF/OpenDNSSEC+Deployment+-+CIRA





More information about the Opendnssec-user mailing list