Secure zone acting insecure
Jim Reid
jim at rfc1035.com
Sat Apr 28 14:15:54 UTC 2001
>>>>> "Robert" == Robert Martin <rmartin at viclink.com> writes:
Robert> I am experimenting with a secure zone for the first time,
Robert> using bind 9.1.0. I've produced a secure zone file (the
Robert> signed file) using the tools that come with it, and I've
Robert> replaced the insecure zone file with the signed file in
Robert> named.conf. I've looked over the signed file, and it seems
Robert> correct: every record has a SIG and NXT record associated
Robert> with it. I've used both DSA and RSA keys.
What's the name of the zone and the server? What does the signed zone
look like? What does the server say when it loads the zone? And
upgrade to 9.1.1. There are nasty threading bugs in 9.1.0.
Robert> I'm hoping that there is an easy fix, like adding some
Robert> directive to my config file. Any help is greatly
Robert> appreciated.
There are no magic config options needed. If the zone has been signed
correctly, the server will happily hand out replies with SIG and NXT
records in them. Do you get the AD (Authentic Data) bit set on the
answers for this zone? That tells you the name server believes the
zone has been signed OK.
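
The check the reply asks about (is the AD bit set, and do SIG and NXT records come back?) can be read straight off a response, shown here as an added example that is not part of the original message. The response bytes are constructed for illustration, and the function names are hypothetical.

```python
import struct

SIG, NXT = 24, 30   # RR type codes for the SIG and NXT records named in the post
AD_BIT = 0x0020     # Authentic Data flag in the 16-bit DNS header flags word

def skip_name(msg, off):
    """Return the offset just past a domain name, compressed or not."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if length == 0:              # root label ends the name
            return off
        off += length

def inspect_response(msg):
    """Report the AD flag and whether SIG/NXT records appear in any section."""
    try:
        _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
        types = []
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen                      # fixed RR fields plus RDATA
            types.append(rtype)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed DNS message") from exc
    if off > len(msg):
        raise ValueError("RDATA runs past the end of the message")
    return {"ad": bool(flags & AD_BIT), "sig": SIG in types,
            "nxt": NXT in types, "types": types}

def build_sample(ad):
    """Constructed reply to an A query for 'example.': one A RR and one SIG RR."""
    flags = 0x8400 | (AD_BIT if ad else 0)         # QR=1, AA=1
    header = struct.pack("!6H", 0x1234, flags, 1, 2, 0, 0)
    question = b"\x07example\x00" + struct.pack("!HH", 1, 1)
    ptr = b"\xc0\x0c"                              # points at the name at offset 12
    a_rr = ptr + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
    sig_rdata = bytes(32)                          # placeholder, not a real signature
    sig_rr = ptr + struct.pack("!HHIH", SIG, 1, 3600, len(sig_rdata)) + sig_rdata
    return header + question + a_rr + sig_rr

if __name__ == "__main__":
    print(inspect_response(build_sample(ad=True)))
```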