Freeze/thaw and signed zone files
Tony Finch
dot at dotat.at
Fri Feb 22 16:54:56 UTC 2019
@lbutlr <kremels at kreme.com> wrote:
>
> Nope, now the .signed file isn’t touched at all after the zone file is edited.
>
> zone "example.com" {
>     type master;
>     file "master/example.com.signed";
>     update-policy local;
>     auto-dnssec maintain;
> };

It sounds to me like you are expecting it to work in inline-signing mode,
but you have not configured it that way. With the configuration above,
`named` will never read or write to the unsigned zone.

You might want a config like

    zone "example.com" {
        type master;
        file "master/example.com";
        update-policy local;
        auto-dnssec maintain;
        inline-signing yes;
    };

Alternatively, with your current config you can update the zone using
https://dotat.at/prog/nsdiff/ like this:

    nsdiff example.com master/example.com | nsupdate -l

Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Portland, Plymouth, Biscay, East Fitzroy: Southeasterly 4 or 5, occasionally 6
in Plymouth and Fitzroy, becoming variable 3 or 4 later. Moderate or rough,
occasionally very rough except in Portland. Fair, but rain in Fitzroy. Good,
occasionally poor.
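
Added example, not part of the original message and not BIND or nsdiff code: a small checker that reads zone stanzas like the two in the thread and reports, per zone, which file `named` is pointed at and how records have to be changed. The zone names, the helper names (`option`, `edit_paths`) and the mode labels are assumptions made for illustration, and the parser only handles flat stanzas without nested braces.

```python
import re

# Constructed sample: the two stanza shapes from the thread, with made-up zone names.
SAMPLE_CONF = '''
zone "dynamic.example" {
    type master;
    file "master/dynamic.example.signed";
    update-policy local;
    auto-dnssec maintain;
};
zone "inline.example" {
    type master;
    file "master/inline.example";
    update-policy local;
    auto-dnssec maintain;
    inline-signing yes;
};
'''

# Simplification: only flat stanzas closed by "};" at the start of a line.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.S)

def option(body, name):
    """Return the value of a single-valued zone option, or None if absent."""
    m = re.search(r'^\s*' + re.escape(name) + r'\s+"?([^";]+)"?\s*;', body, re.M)
    return m.group(1).strip() if m else None

def edit_paths(conf):
    """Map zone name -> (mode, file named in the stanza, how to change records)."""
    result = {}
    for name, body in ZONE_RE.findall(conf):
        path = option(body, "file")
        inline = option(body, "inline-signing") == "yes"
        dynamic = option(body, "update-policy") is not None
        if inline:
            # named reads this file as the unsigned source and signs a separate copy.
            result[name] = ("inline", path, "edit the file, then reload the zone")
        elif dynamic:
            # named maintains this file itself; hand edits to another file are never read.
            result[name] = ("dynamic", path, "send dynamic updates (nsupdate -l)")
        else:
            result[name] = ("static", path, "edit the file, then reload the zone")
    return result

if __name__ == "__main__":
    for zone, (mode, path, how) in edit_paths(SAMPLE_CONF).items():
        print(f"{zone}: {mode:8} {path}: {how}")
```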