4ccf277850
This runs bind as a hidden master nameserver so we can do all the keysigning there, and then use nsd (or bind) as public authoritative slaves. Change-Id: Ifb2ad109103051fa13c4af1c7be1ca0ae98bb1a1
14 lines
294 B
Plaintext
14 lines
294 B
Plaintext
zone <%= @name %> {
|
|
type master;
|
|
file "/var/lib/bind/zones/<%= @name %>/zone.db";
|
|
|
|
# look for dnssec keys here:
|
|
key-directory "/etc/bind/keys/<%= @name %>";
|
|
|
|
# publish and activate dnssec keys:
|
|
auto-dnssec maintain;
|
|
|
|
# use inline signing:
|
|
inline-signing yes;
|
|
};
|