Fwd: [Opendnssec-user] Zones in different views with the same name

Rick van Rein (OpenFortress) rick at openfortress.nl
Thu Oct 3 12:19:37 UTC 2013

Hi Jan Hugo,

> I'm currently looking into opendnssec to manage all DNS zones that I have.
> For some zones I have multiple views with different content.

This has been discussed in the developers' team also.  It is not possible to do this with current OpenDNSSEC releases, but it may be later on.

For the direction of solution considered, please see https://issues.opendnssec.org/browse/OPENDNSSEC-232 for details.  It cuts through all of the system, and is therefore considered a difficult operation, even if it is conceptually straightforward.

AFAIK it is not on the road map though.  Perhaps you can explain why this is crucial to you?  It might help if you have an unforeseen application that convinces.

As was stated, you should run views in separate OpenDNSSEC instances, unfortunately.  One note I'd add to that is that you might be best off with a single Enforcer, and multiple signers.  That way, you would share the keying material and PKCS #11 infrastructure among zones.


More information about the Opendnssec-user mailing list