-
godog authored
Zones marked with 'DNSSEC' attribute in zonetool will get their records signed with DNSSEC. If the signing key cannot be found it'll be generated by zonetool. Note NSEC3 salt is in passwords.yml so that it is the same on all hosts, however the salt itself is public (i.e. published in the zone) and should be rotated periodically. See also ai3/testbed#160
7378ac8d