[Opendnssec-user] Random question re Dynamic DNS
jakob at kirei.se
Tue Jan 12 21:32:12 UTC 2016
On 12 jan. 2016, at 22:09, Jake Zack <jake.zack at cira.ca> wrote:
> Is there an official (or an unofficial, I guess) adapter available that’d handle incoming dynamic DNS updates and have OpenDNSSEC sign them?
Not that I'm aware of. We did discuss something like that a couple of years ago, but ended up thinking it was too complex given different AuthN/AuthZ methods et al.
> Or must I go dynamic to an intermediary box and do IXFR’s and thus a re-signing (with some signatures re-used)?
Yes, you need a primary master to handle the updates. The signer will only resign what's needed of course.
More information about the Opendnssec-user