
Support for Authoritative nameserver, DS records and CDS/CDNSKEY records. #435

@ldc77shirt


I'm trying to use Cascade with BIND with this configuration:

- BIND master nameserver with unsigned zone. This nameserver allows zone transfer to Cascade via AXFR and sends notifies to the "Notify-listeners server" of Cascade.
- Cascade downloads the unsigned zone from the master nameserver and publishes the signed zone via AXFR.
- BIND slave nameserver tries to download the signed zone from Cascade via AXFR and then publishes it.

I'm testing this configuration because, as written in the manual, it's not good to expose Cascade publicly on the internet since it's designed to be a hidden signer (and I agree).
So I need to publish the signed zone on a "true" nameserver.
Cascade works very well while signing the zone from a zone in downstream, and it works very well re-signing the zone when a notify from the master nameserver arrives.
There is a problem when I need to transfer the signed zone to a nameserver, because Cascade can't be an authoritative nameserver for its signed zone, and so the slave nameserver can't download this signed zone via AXFR because it doesn't receive authoritative responses. I can't load the signed zone manually into an authoritative nameserver because the signed zone is not saved on disk (I can do dig @cascade_ip zone-name AXFR > file path, but I have to modify the text).
So I can't understand the philosophy around the zone transfer from Cascade to "someone" via AXFR, and I would appreciate your answers on this point.
Then, is it possible to allow AXFR transfers from Cascade to specified IP addresses only, using an option instead of a firewall?

Cascade v.alpha 5 doesn't publish CDS and CDNSKEY, so I'm asking whether there is a manual command in Cascade able to generate the DS (in the parent zone) from a known KSK?

Labels: bug (Something isn't working)