<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">I would recommend starting here: <a href="https://bind9.readthedocs.io/en/latest/dnssec-guide.html">https://bind9.readthedocs.io/en/latest/dnssec-guide.html</a><br><br><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 10. 5. 2021, at 7:19, Dan Egli <dan@newideatest.site> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>I tried to setup inline signing on my DNS server, and after reading the results from DNSVIZ, i'd say I was PARTIALLY successful, but there still seems to be a lot missing.</span><br><span></span><br><span>You can check the status on dnsviz yourself with the names eglifamily.name and newideatest.site. Both resulted in nearly identical responses, wtih a lot of warning and some errors. A few of those errors I could blame on my backup DNS provider. You get what you pay for and they are free. But not everything could be blamed on them.</span><br><span></span><br><span>I've attached a PNG of the output. Hopefully it comes through. Meanwhile, here's the zone statements from my named.conf:</span><br><span></span><br><span>view "standard" IN {</span><br><span>        zone "eglifamily.name" {</span><br><span>                type master;</span><br><span>                file "pri/eglifamily.zone";</span><br><span>                allow-query { any; };</span><br><span>                allow-transfer {</span><br><span>                  108.61.224.67; 116.203.6.3; 107.191.99.111; 185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56; 31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133; 116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122; 2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3; 2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1; 2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3; 2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e; 2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3; 2001:19f0:6400:8642::3;</span><br><span>                };</span><br><span>//              also-notify { 1.2.3.4; }; // none for now</span><br><span>                allow-update { trusted; };</span><br><span>                key-directory "/var/bind/pri/keys";</span><br><span>                auto-dnssec maintain;</span><br><span>                inline-signing yes;</span><br><span>        };</span><br><span></span><br><span>        zone "newideatest.site" {</span><br><span>                type master;</span><br><span>                file "pri/newideatest.zone";</span><br><span>                allow-query { any; };</span><br><span>                allow-transfer {</span><br><span>                  108.61.224.67; 116.203.6.3; 107.191.99.111; 185.22.172.112; 103.6.87.125; 192.184.93.99; 119.252.20.56; 31.220.30.73; 185.34.136.178; 185.136.176.247; 45.77.29.133; 116.203.0.64; 167.88.161.228; 199.195.249.208; 104.244.78.122; 2605:6400:30:fd6e::3; 2605:6400:10:65::3; 2605:6400:20:d5e::3; 2a01:4f8:1c0c:8122::3; 2001:19f0:7001:381::3; 2a06:fdc0:fade:2f7::1; 2a00:dcc7:d3ff:88b2::1; 2a04:bdc7:100:1b::3; 2401:1400:1:1201::1:7853:1a5; 2604:180:1:92a::3; 2403:2500:4000::f3e; 2a00:1838:20:2::cd5e:68e9; 2604:180:2:4cf::3; 2a01:4f8:1c0c:8115::3; 2001:19f0:6400:8642::3;</span><br><span>                };</span><br><span>//              also-notify { 1.2.3.4; }; // none for now</span><br><span>                allow-update { trusted; };</span><br><span>                key-directory "/var/bind/pri/keys";</span><br><span>                auto-dnssec maintain;</span><br><span>                inline-signing yes;</span><br><span>        };</span><br><span></span><br><span>-- </span><br><span></span><br><span>Dan Egli</span><br><span>From my Test Server</span><br><span></span><br><div><newideatest.site-2021-05-10-05 11 22-UTC(1).png></div><div><OpenPGP_0x11B7451DF2015959.asc></div><span>_______________________________________________</span><br><span>Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list</span><br><span></span><br><span>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.</span><br><span></span><br><span></span><br><span>bind-users mailing list</span><br><span>bind-users@lists.isc.org</span><br><span>https://lists.isc.org/mailman/listinfo/bind-users</span><br></div></blockquote></body></html>