Automated signing in 9.7.2
Brett Carr
brettlists at gmail.com
Tue Oct 19 18:41:02 UTC 2010
Hi,
I'm currently doing some testing with 9.7.2-P2.
I have a zone which is small (3 A records) and unsigned. I have
generated a KSK and a ZSK and made sure that named can read them and
placed them in /etc/bind.
I have added this to my config for the zone:
zone "ppgirl.org" IN {
    type master;
    file "/etc/bind/ppgirl.org";
    allow-update {
        key key-dnssigner.blacksun.localnet;
    };
    key-directory "/etc/bind";
    auto-dnssec maintain;
    sig-validity-interval 1;
    notify yes;
    also-notify { 192.168.1.249; };
};
Upon starting bind the ZSK and KSK have been added to the zone and I
also see the following records:
TYPE65534 \# 5 ( 05230B0001 )
TYPE65534 \# 5 ( 05D03E0001 )
However only 1 NSEC record and no signatures were added to the zone. I
have tried doing an rndc sign which does not add any signatures but
does write this to the logfile:
19-Oct-2010 08:35:43.255 general: info: received control channel command 'sign ppgirl.org'
19-Oct-2010 08:35:43.255 general: info: zone ppgirl.org/IN: reconfiguring zone keys
19-Oct-2010 08:35:43.283 general: info: zone ppgirl.org/IN: next key event: 19-Oct-2010 20:35:43.283
Did I miss something??
Brett
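The two TYPE65534 records in the post are BIND's private-type signing-state records, one per key. The following Python decoder is an added example, not code from the post or from BIND. It assumes the 5-byte layout BIND uses for these records (algorithm, 16-bit big-endian key id, removed flag, complete flag) and the standard K<zone>+<alg>+<keyid> key-file naming, so an administrator can match each record to a key file in key-directory and read whether named considers signing with that key complete. The sample zone lines are constructed from the RDATA shown in the post.

```python
"""Decode BIND private-type (TYPE65534) signing-state records.

Added example; assumes BIND's 5-byte layout:
  byte 0    DNSSEC algorithm number
  bytes 1-2 key id (big-endian)
  byte 3    removed flag (1 = key being removed)
  byte 4    complete flag (1 = signing with this key finished)
"""
import re
from dataclasses import dataclass

# IANA DNSSEC algorithm numbers (subset) for readable output.
ALGORITHMS = {
    5: "RSASHA1", 7: "NSEC3RSASHA1", 8: "RSASHA256", 10: "RSASHA512",
    13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384", 15: "ED25519",
}

# Constructed sample: the two RDATA values from the post wrapped in zone-file lines.
SAMPLE_ZONE = """\
ppgirl.org. 3600 IN TYPE65534 \\# 5 ( 05230B0001 )
ppgirl.org. 3600 IN TYPE65534 \\# 5 ( 05D03E0001 )
"""


@dataclass
class SigningState:
    algorithm: int
    key_id: int
    removed: bool
    complete: bool

    @property
    def algorithm_name(self) -> str:
        return ALGORITHMS.get(self.algorithm, f"ALG{self.algorithm}")


def parse_generic_rdata(text: str) -> bytes:
    """Parse RFC 3597 generic RDATA syntax: '\\# <len> <hex>' with optional parentheses."""
    m = re.match(r"\s*\\#\s+(\d+)\s*(.*)$", text, re.S)
    if not m:
        raise ValueError(f"not generic RDATA syntax: {text!r}")
    declared = int(m.group(1))
    data = bytes.fromhex(re.sub(r"[()\s]", "", m.group(2)))
    if len(data) != declared:
        raise ValueError(f"declared {declared} bytes but found {len(data)}")
    return data


def decode_signing_state(rdata: bytes) -> SigningState:
    """Decode one 5-byte private-type record (assumed BIND layout, see module docstring)."""
    if len(rdata) != 5:
        raise ValueError(f"expected 5 bytes of signing state, got {len(rdata)}")
    return SigningState(
        algorithm=rdata[0],
        key_id=int.from_bytes(rdata[1:3], "big"),
        removed=bool(rdata[3]),
        complete=bool(rdata[4]),
    )


def states_from_zone_text(zone_text: str) -> list:
    """Extract and decode every TYPE65534 record in zone-file text."""
    states = []
    for line in zone_text.splitlines():
        m = re.search(r"\bTYPE65534\s+(\\#.*)$", line)
        if m:
            states.append(decode_signing_state(parse_generic_rdata(m.group(1))))
    return states


def key_file_stem(zone: str, state: SigningState) -> str:
    """Key-file name stem as dnssec-keygen writes it (assumed naming, e.g. Kzone.+005+08971)."""
    return f"K{zone.rstrip('.')}.+{state.algorithm:03d}+{state.key_id:05d}"


def describe(zone: str, state: SigningState) -> str:
    """One-line human summary for an operator checking signing progress."""
    status = "removing" if state.removed else ("signing complete" if state.complete else "signing pending")
    return f"{key_file_stem(zone, state)} ({state.algorithm_name}): {status}"


if __name__ == "__main__":
    for st in states_from_zone_text(SAMPLE_ZONE):
        print(describe("ppgirl.org", st))
```

With the post's records both decode to algorithm 5 (RSASHA1) with the complete flag set, so named believes it has finished signing with key ids 8971 and 53310; checking that `Kppgirl.org.+005+08971` and `Kppgirl.org.+005+53310` exist in key-directory is the natural next verification step.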