Date: Wed, 23 Jul 2008 10:07:46 +0200
From: Peter Olsson
To: Paul Schmehl
Cc: Doug Barton, freebsd-stable@freebsd.org
Subject: Re: FreeBSD 7.1 and BIND exploit
Message-ID: <20080723080746.GK6675@pol.leissner.se>
In-Reply-To: <9C1F9AB0E0CD3034CA691A30@utd65257.utdallas.edu>
References: <20080722200720.0540245048@ptavv.es.net> <9C1F9AB0E0CD3034CA691A30@utd65257.utdallas.edu>

About scripts for automating DNSSEC maintenance, check this out:
http://www.hznet.de/dns/zkt/
There are also some DNSSEC howtos on that site.

We use ZKT for our DNSSEC zones, and everything except KSK rollover is fully automated. Has been working fine for about half a year now. Automatic KSK rollover will be in the next release of ZKT; I don't know the details of how that is going to work.

--
Peter Olsson pol@leissner.se