[Opendnssec-user] Random question re Dynamic DNS

Jakob Schlyter jakob at kirei.se
Tue Jan 12 21:32:12 UTC 2016

On 12 jan. 2016, at 22:09, Jake Zack <jake.zack at cira.ca> wrote:

> Is there an official (or an unofficial, I guess) adapter available that’d handle incoming dynamic DNS updates and have OpenDNSSEC sign them?

Not that I'm aware of. We did discuss something like that a couple of years ago, but ended up thinking it was too complex given different AuthN/AuthZ methods et al.

> Or must I go dynamic to an intermediary box and do IXFR’s and thus a re-signing (with some signatures re-used)?

Yes, you need a primary master to handle the updates. The signer will only resign what's needed of course.


More information about the Opendnssec-user mailing list