Some quite some time ago i wrote about DNSSEC Quick Zone Setup with BIND.
While it worked, i didn't had it active for long. Mainly because all the manual work in keeping the signatures up-to-date.
At the time i either didn't knew about BIND9's "inline-signing yes;" and "auto-dnssec maintain;" or they didn't exist back then^^
And ow was the time i revisit the topic and "try again" on finding a better solution. And well, i think i did \o/
So far i've configured DNSSEC for one of my domains and will see how this approach is keeping up in the following months. I'll plan on writing more about DNSSEC and how my new setup works.
Until then i have a WIP document with some notes i've took along the way.
PS: I totally fell in love with Asciidoc / Asciidoctor. Maybe it's also time to re-write my blogging software, too.