MIME-Version: 1.0
In-Reply-To: <545A53C1.7010100@redhat.com>
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Disposition: inline
X-RT-Interface: Web
References: <545A53C1.7010100@redhat.com> <RT-Ticket-37732@isc.org>
Content-Type: text/plain; charset="utf-8"
Message-ID: <rt-4.2.8-96581-1467757459-991.37732-0-0@isc.org>
Content-Transfer-Encoding: binary
X-RT-Original-Encoding: utf-8
RT-Send-CC:
X-RT-Encrypt: 0
X-RT-Sign: 0
Content-Length: 663

On Wed Nov 05 06:43:51 2014, pspacek@redhat.com wrote:
> Hello,
> 
> I have seen that support for CDS and CDNSKEY resource record types was
> added
> to BIND 9.10.
> 
> It would be great if in-line signing could automatically add/manage
> CDS/CDNSKEY records according to timestamps in the key files.
> 
> I suspect that it could be a zone-knob like child-dnssec-sync: none |
> ds |
> dnskey | both; or something like that.
> 
> Have a nice day!

9.11 already has the ability to generate, publish and delete CDS and
CDNSKEY based on timing.  Both CDS and CDNSKEY records are generated /
deleted at the same time.

[-P sync date/offset]
[-D sync date/offset]

Mark