[Samba] Samba Bind DLZ and Zone signing
Andrew Bartlett
abartlet at samba.org
Sun Dec 10 20:32:22 UTC 2023
On Sun, 2023-12-10 at 17:23 +0200, Sami Hulkko via samba wrote:
> Hi,
>
> Is there any way of signing the zones with zone-signing key? How
> would
> one add add zone-signing key and key signing key to DLZ database?
> The
> Windows 11 Pro RSAT tool for nameserver do not accept key addition
> and
> states unauthorized.
This is an interesting question. The only way this would work is if
it was being transparently and dynamically added by the BIND9 side of
things.
Samba doesn't know how to generate the signing records and has
unfortunate
fixed limtiations in the records it knows how to store.
DNSSEC is a good thing, and it is sad that Samba doesn't know how to
support it (or check it in the recursive resolver).
Sorry!
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list