Acme Client nsupdate interface forces a different key-ID for every domain
It would be much more convenient for a large number of domains to assign a DNSSEC update-key to the firewall and allow it to make updates to all of the relevant host entries in the domain. As it is, a new key must be entered into BIND for every host record being updated. This also significantly complicates the configuration if you use views on your DNS server.
It could be resolved by either allowing a paste of the entire key or adding a field to (optionally) set the key-id instead of generating it as matching the domain being validated.
#2 Updated by Jim Pingle almost 3 years ago
- Assignee set to Jim Pingle
The way the code works now, the key name/id is the domain name. While you could copy the key to a bunch of names on the BIND server, it could be done better/easier.
Also, it's tough to use zone keys the way it is now. I plan on adding this field when I have some time, just not sure when that might be.
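The two BIND layouts this ticket contrasts, as an added example that is not part of the ticket or the package's own code: one key per validated name (needed while the key name must equal the domain), and a single shared key whose reach is limited by `update-policy`. The zone and host names, the key name `acme-fw.`, the file path and the secrets are placeholders, and limiting the shared key to `_acme-challenge` TXT records (the records an ACME DNS-01 validation writes) is an assumption about how one would scope it.

```conf
# Added example with placeholder names and secrets.
# The two layouts are alternatives for the same zone; load only one.

# --- Layout A: key name must equal the domain being validated ---
# One key block per host, repeated for every name that gets a certificate.
key "www.example.com." {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-SECRET-1";
};
key "mail.example.com." {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-SECRET-2";
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";   # placeholder path
    update-policy {
        # Each key may only write the challenge record for its own name.
        grant www.example.com.  name _acme-challenge.www.example.com.  TXT;
        grant mail.example.com. name _acme-challenge.mail.example.com. TXT;
    };
};

# --- Layout B: one key for the firewall, freely chosen key name ---
# Only usable if the client lets you set the key name independently
# of the domain, which is what this ticket asks for.
key "acme-fw." {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-SECRET";
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";   # placeholder path
    update-policy {
        # Same key for every host, still limited to the challenge
        # TXT records instead of the whole zone.
        grant acme-fw. name _acme-challenge.www.example.com.  TXT;
        grant acme-fw. name _acme-challenge.mail.example.com. TXT;
    };
};
```

With views, the `zone` block (and its `update-policy`) is repeated in each view that serves the zone, so Layout A multiplies the per-host entries by the number of views while Layout B keeps a single key definition.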