|OS type and version||Ubuntu Linux 20.04.4|
BIND version 9.16
How does Webmin manage dnssec operations - records signing and resigning, keys regeneration etc.? I mean should it simply put corresponding BIND options into BIND config file and let BIND do all things, or Webmin uses its own timers and calls utilities for these tasks?
I ask this because I have dnssec enabled thru Webmin for one of my zones (all I’ve done is just created keys for the zone) - and all records got signed. But when I look into named.conf I cannot find any dnssec-related directive there*. Therefore I guess that BIND itself won’t do anything with signatures when they get expired.
Now I have RRSIG records with expiration date 2022-10-27 but not sure will they be resigned automatically and what system must initiate this process.
*There is “dnssec-validation auto”, but it’s not about zone signing
Thanks in advance