Hi,
I want to use Ansible to deploy zone files to my Knot signer (hidden
master). The zone files should be generated from the Ansible playbook
data and will not contain any DNSSEC related information, just SOA, NS,
A, AAAA, TXT and MX records. I'd like to use Knot DNSSEC auto-signing. I
can stop the Knot process before deploying new zone files. I use
zonefile-load: difference in this case, as of the DNSKEY / CDNSKEY / CDS
data should not be replaced with something new. Should this work for me,
or is there anything I miss or is there even a better option?
Kind regards,
Volker