DNSSEC support #7
Comments
|
After introduction of inline-signing ( https://kb.isc.org/docs/aa-00626 ) is there still something blocking usage of dnssec with gitzone what i could be overlooking ? dnssec-key generation sounds like only thing what needs to be managed externaly / implemented in gitzone. |
|
Isn't this cli utility doing the keygen? https://linux.die.net/man/8/dnssec-keygen |
Yep that's correct, one possible solution to "support" dnssec would be to leverage dnssec-keygen to generate keys if they are missing for zones where dnssec is enabled, the question is should gitzone handle it or not. |
|
I think the best is to have gitzone list the zones:
if such a list is easy to parse via scripts, then generation can be further scripted and an example can be included in the docs. I guess this is the best way to make the function transparent and actions confirmed by administrators. This issue is looking for a contributor BTW, my knowledge or Perl is very scarce. |
We should think about adding DNSSEC and zone signing support.
The text was updated successfully, but these errors were encountered: