[nsd-users] Updating my signed zonefiles

Jan-Piet Mens jpmens.dns at gmail.com
Mon Jul 8 10:07:35 UTC 2013


> Is there an easier way to update my signed zonefiles than having to do
> ldns-keygen -a RSASHA1_NSEC3 -b 1024 <domain> && ldns-keygen -a
> RSASHA1_NSEC3 -b 2048 -k <domain> && ldns-signzone <domain> <zone
> signing key> <key signing key> over and over?

If you invoke `ldns-keygen` every time you change a zone file, you are
generating NEW keys at each run. I very much doubt you really want that,
as you'd have to submit your DS RRset to the parent zone each time!

        -JP
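The point of the reply above, as an added example that is not part of the original message or of the ldns or NSD projects: a POSIX shell wrapper that calls `ldns-keygen` only when no key pair exists yet, so a routine zone edit only re-runs `ldns-signzone` with the same keys and the DS RRset at the parent stays valid. The function names, the key-directory argument and the lookup by DNSKEY flags field (256 for the ZSK, 257 for the KSK) are assumptions of this example; algorithm and key sizes are taken from the quoted command.

```shell
#!/bin/sh
# Added example: re-sign with existing keys, generate keys on first run only.
# Assumes keys are stored as ldns-keygen writes them:
#   K<zone>.+<alg>+<tag>.key and K<zone>.+<alg>+<tag>.private

# Print the basename of the first key for ZONE in KEYDIR whose DNSKEY
# flags field equals FLAGS (256 = ZSK, 257 = KSK); status 1 if none.
find_key() (
    keydir=$1 zone=${2%.} flags=$3
    for pub in "$keydir"/K"$zone".+*.key; do
        [ -f "$pub" ] || continue
        # A public key without its private half cannot sign anything.
        [ -f "${pub%.key}.private" ] || continue
        if grep -Eq "DNSKEY[[:space:]]+$flags[[:space:]]" "$pub"; then
            printf '%s\n' "${pub%.key}"
            exit 0
        fi
    done
    exit 1
)

# Print an existing key basename, or create the key if there is none.
ensure_key() (
    keydir=$1 zone=${2%.} flags=$3 bits=$4
    find_key "$keydir" "$zone" "$flags" && exit 0
    cd "$keydir" || exit 1
    if [ "$flags" = 257 ]; then
        base=$(ldns-keygen -a RSASHA1_NSEC3 -b "$bits" -k "$zone")
    else
        base=$(ldns-keygen -a RSASHA1_NSEC3 -b "$bits" "$zone")
    fi || exit 1
    echo "generated new key $base (flags $flags)" >&2
    printf '%s/%s\n' "$keydir" "$base"
)

# Usage: resign_zone ZONEFILE ZONE [KEYDIR]
resign_zone() {
    zonefile=$1 zone=$2 keydir=${3:-.}
    zsk=$(ensure_key "$keydir" "$zone" 256 1024) || return 1
    ksk=$(ensure_key "$keydir" "$zone" 257 2048) || return 1
    ldns-signzone "$zonefile" "$zsk" "$ksk"
}

# Run only when called with arguments, e.g.: ./resign.sh example.com example.com
if [ "$#" -ge 2 ]; then
    resign_zone "$@"
fi
```

A "generated new key" message for flags 257 is the only time the DS RRset has to go to the parent zone.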


