[Samba] Samba Bind DLZ and Zone signing

Andrew Bartlett abartlet at samba.org
Sun Dec 10 20:32:22 UTC 2023


On Sun, 2023-12-10 at 17:23 +0200, Sami Hulkko via samba wrote:
> Hi,
> 
> Is there any way of signing the zones with zone-signing key? How would
> one add zone-signing key and key signing key to DLZ database? The
> Windows 11 Pro RSAT tool for nameserver does not accept key addition and
> states unauthorized.

This is an interesting question.  The only way this would work is if
it was being transparently and dynamically added by the BIND9 side of
things.

Samba doesn't know how to generate the signing records and has
unfortunate fixed limitations in the records it knows how to store.

DNSSEC is a good thing, and it is sad that Samba doesn't know how to
support it (or check it in the recursive resolver). 

Sorry!

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions



