[Opendnssec-user] Sub zones in opendnssec and DS keys
Matthijs Mekking
matthijs at nlnetlabs.nl
Fri Aug 29 16:09:06 UTC 2014
Hi Bas,
On 08/29/2014 02:24 PM, Bas van den Dikkenberg wrote:
> Hi all,
>
> I have 2 domains in my zone list of OpenDNSSEC, Test.domain.nl and domain.nl.
>
> Test.domain.nl has to publish its DS records to domain.nl, does
> OpenDNSSEC do this automatically?
>
> If not, can OpenDNSSEC do this automatically?
Unfortunately not at this moment.
> If not, is there a good workaround for this?
I don't know if there are users on the list who have experimented with
this, but I guess you can make use of the following element in conf.xml:
<DelegationSignerSubmitCommand/>
to configure a program/script receiving the new KSK during a key
rollover. In your script, you could distinguish different executions for
domain.nl and test.domain.nl.
I can imagine that you want to concatenate the DS to the unsigned zone
file domain.nl, issue ods-signer sign domain.nl, wait a bit to let the
change propagate to your name servers and do a ds-seen for test.domain.nl.
Hope these hints help.
Best regards,
Matthijs
> With kind regards,
>
> Bas van den Dikkenberg
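The workaround described in the message, as an added example that is not part of the original thread and is not OpenDNSSEC code: a program for `<DelegationSignerSubmitCommand>` that derives the SHA-256 DS from the new KSK and adds it to the parent's unsigned zone before re-signing. It assumes the enforcer passes the key on stdin as DNSKEY records in zone-file format; the `PARENTS` mapping, the zone-file path and the 3600 TTL are placeholders.

```python
# Added example: hypothetical handler for <DelegationSignerSubmitCommand>.
# Assumption: the new KSK arrives on stdin as DNSKEY records (zone-file format).
import base64, hashlib, struct, subprocess, sys

# Placeholder mapping: child zone -> (parent zone, parent's unsigned zone file).
PARENTS = {"test.domain.nl.": ("domain.nl", "/path/to/unsigned/domain.nl")}

def wire_name(name):
    """Owner name in canonical (lowercase) DNS wire format."""
    labels = [lab for lab in name.lower().split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\0"

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def dnskey_to_ds(line):
    """Return (owner, key tag, DS record text) for a KSK line, else None."""
    f = line.split(";")[0].split()          # drop trailing zone-file comment
    if "DNSKEY" not in f:
        return None
    i = f.index("DNSKEY")
    flags, proto, alg = (int(x) for x in f[i + 1:i + 4])
    if not flags & 1:                       # SEP bit clear: ZSK, not for the parent
        return None
    rdata = struct.pack("!HBB", flags, proto, alg) + base64.b64decode("".join(f[i + 4:]))
    owner = f[0].lower().rstrip(".") + "."
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest().upper()
    tag = key_tag(rdata)
    return owner, tag, f"{owner} 3600 IN DS {tag} {alg} 2 {digest}"  # 2 = SHA-256

def submit(lines, parents=PARENTS, run=subprocess.run):
    """Add each locally hosted child's DS to its parent zone file and re-sign."""
    done = []
    for owner, tag, record in filter(None, map(dnskey_to_ds, lines)):
        if owner not in parents:
            continue                        # parent not hosted here: skip
        parent, zonefile = parents[owner]
        with open(zonefile, "r+") as fh:
            if record not in fh.read():     # idempotent on repeated calls
                fh.write(record + "\n")
        run(["ods-signer", "sign", parent], check=True)
        done.append((owner, tag))           # ds-seen these after propagation
    return done

if __name__ == "__main__":
    for owner, tag in submit(sys.stdin):
        print(f"DS for {owner} (key tag {tag}) added; run ds-seen once it is visible")
```

The DS of the outgoing KSK is left in the parent zone file, and ds-seen is still issued separately once the new DS is visible on the name servers.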