nsupdate problem after DNSSEC

Michelle Konzack linux4michelle at tamay-dogan.net
Wed Jan 5 14:32:22 UTC 2011


Hello Phil Mayers,

Am 2011-01-05 09:19:11, hacktest Du folgendes herunter:
> Do you mean you have signed your zone?

Yes

> If so, you are aware that bind requires the zone-signing key to be
> available in order to perform updates - like this:
> 
> zone "$name" {
>   type master;
>   allow-update { ... };

allow-update or allow-transfer?

I have the later one and it seems, my zones  where  transfered  after  a
forced reboot of <dns2>,  but  only  the  ZONEs  which  have  an  IP  in
allow-transfer.  <tamay-dogan.net> use a key and it does not work.

>   key-directory "/var/named/data/keys/$name";
> };

Ahh, I have to add this?

> ...and in /var/named/data/keys/$name you need the:
> 
> K$name.+005+id.key
> K$name.+005+id.private

many of them

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems at tdnet France EURL       itsystems at tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle at jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.pgp
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110105/ef64cebd/attachment.bin>


More information about the bind-users mailing list