nsdiff 1.47
2013-11-09 18:13![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
fanfI have done a little bit of work on nsdiff recently.
You can now explicitly manage your DNSKEY RRset, instead of leaving it to named. This is helpful when you are transferring a zone from one operator to another: you need to include the other operator's zone signing key in your DNSKEY RRset to ensure that validation works across the transfer.
There is now support for bump-in-the-wire signing, where nsdiff transfers the new version of the zone from a back-end hidden master server and pushes the updates to a signing server which feeds the public authoritative servers.
Get nsdiff from http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff
(Edit: I decided to simplify the -u option so updated from version 1.46 to 1.47.)
(Previously, previously, previously, previously, previously.)
