This directive sets the path to the zone's DNSSEC keys. When set to local, updates to the zone will be permitted for a special key "local-ddns" which gets generated by named automatically at startup. Sets the policy for enabling or disabling DDNS updates. This directive takes a boolean yes | no value. This directive provides the ability to "convert" a DNSSEC signed (secure) zone to an unsigned (insecure) zone. Off - which disables automatic DNSSEC functionality ( NOTE: this option is not yet implemented the syntax has been reserved for future use.) Maintain - includes the functionality above, but will also automatically adjust the zone's DNSSEC keys according to DNSSEC key timing metadata that is supplied.Ĭreate - includes the above, but signals named to create new DNSSEC keys when needed. There are currently four (4) possible settings:Īllow - permits keys to be updated and the zone to be re-signed whenever the user issues the rndc sign zonename command. Configuring zones with this directive enables varying levels of automatic DNSSEC key management.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |