Inline signing and views.
Jack Tavares
j.tavares at F5.com
Fri Apr 11 17:48:49 UTC 2014
Hello -
Is it possible to enable inline signing of a zone in 2 different views with 2 different keys?
I have the following config:
view "external" {
    match-clients {
        1.1.1.1;
    };
    zone "test.com." {
        type master;
        file "external.test.com.";
        allow-update {
            localhost;
        };
        key-directory "/config/external.keys";
        auto-dnssec maintain;
        inline-signing yes;
    };
};
view "internal" {
    match-clients {
        any;
    };
    zone "test.com." {
        type master;
        file "internal.test.com.";
        allow-update {
            localhost;
        };
        key-directory "/config/internal.keys";
        auto-dnssec maintain;
        inline-signing yes;
    };
};
When I run bind I get these errors:
11-Apr-2014 10:35:30.414 dns_dnssec_findzonekeys2: error reading private key file test.com/RSASHA1/49440: file not found
11-Apr-2014 10:35:30.415 dns_dnssec_findzonekeys2: error reading private key file test.com/RSASHA1/6124: file not found
11-Apr-2014 10:35:30.435 zone test.com/IN/external (signed): reconfiguring zone keys
11-Apr-2014 10:35:30.436 zone test.com/IN/internal (signed): reconfiguring zone keys
11-Apr-2014 10:35:30.436 dns_dnssec_keylistfromrdataset: error reading private key file test.com/RSASHA1/49440: file not found
11-Apr-2014 10:35:30.437 dns_dnssec_keylistfromrdataset: error reading private key file test.com/RSASHA1/6124: file not found
Is what I am trying to do not possible, or do I have a config error?
I created the key files using
    dnssec-keygen test.com
    dnssec-keygen -fk test.com
in the 2 different directories.
All permissions and file ownership are correct.
It works properly if I only have one (either of them) of these zones configured for auto signing,
so I believe the key files are ok.
The man page and tutorials that I have found do not address multiple views.
Thank you
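
A diagnostic sketch for the errors quoted in the message above, added here as an example and not part of the original post or of BIND: it extracts the key tags from the "file not found" lines, builds the dnssec-keygen file name for each, and reports which view's key-directory holds the matching .private file. The function names are hypothetical, the algorithm table is a subset, and the directory layout in demo() is constructed.

```python
import re
import tempfile
from pathlib import Path

# DNSSEC algorithm mnemonics -> numbers used in K* file names (subset).
ALG_NUM = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10}

ERR = re.compile(r"error reading private key file (\S+)/(\w+)/(\d+): file not found")

def missing_keys(log_text):
    """Return the set of (zone, algorithm, tag) named in 'file not found' errors."""
    return {(z, a, int(t)) for z, a, t in ERR.findall(log_text)}

def key_basename(zone, alg, tag):
    """dnssec-keygen naming: K<zone>.+<3-digit algorithm>+<5-digit tag>."""
    return f"K{zone.rstrip('.')}.+{ALG_NUM[alg]:03d}+{tag:05d}"

def locate(log_text, key_dirs):
    """Map each missing key file to the views whose directory contains it."""
    report = {}
    for zone, alg, tag in sorted(missing_keys(log_text)):
        name = key_basename(zone, alg, tag) + ".private"
        report[name] = sorted(v for v, d in key_dirs.items() if (Path(d) / name).is_file())
    return report

# Two of the log lines from the post above.
SAMPLE_LOG = """\
11-Apr-2014 10:35:30.414 dns_dnssec_findzonekeys2: error reading private key file test.com/RSASHA1/49440: file not found
11-Apr-2014 10:35:30.437 dns_dnssec_keylistfromrdataset: error reading private key file test.com/RSASHA1/6124: file not found
"""

def demo():
    """Constructed layout: which directory owns which tag is an assumption."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {"external": Path(root, "external.keys"),
                "internal": Path(root, "internal.keys")}
        for d in dirs.values():
            d.mkdir()
        (dirs["external"] / "Ktest.com.+005+49440.private").touch()
        (dirs["internal"] / "Ktest.com.+005+06124.private").touch()
        return locate(SAMPLE_LOG, dirs)

if __name__ == "__main__":
    for name, views in demo().items():
        print(name, "->", views or "not in any key-directory")
```

On a real server, pass the named log text and the two key-directory paths from the configuration to locate(); an empty list for a file means it is in neither directory.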