Salut,
On Sun, Aug 09, 2009 at 09:41:00AM -0400, Perry E. Metzger wrote:
> >> So don't do that.
> >
> > Don't do what?
>
> Don't do the DNS signature generation at the same moment that you bring
> up the name server to provide resolution services locally. There is no
> reason that you have to do things that way (and in fact, there are a lot
> of reasons not to.) BTW, I don't believe our current scripts are set up
> to do that anyway, so this is moot.
The zone provider has to generate a DNSSEC signature at the moment it
signals people to reload the zone. It does that when named starts up.
At least in modern nameds.
Tonnerre
Attachment:
pgpu16D0wjRrF.pgp
Description: PGP signature