BIND 8.2.4-REL in FreeBSD 4.4 broke my DNSSEC
Vivek Khera
khera at kcilink.com
Wed Sep 26 20:54:31 UTC 2001
I had been running 4.3-STABLE from about June on my primary DNS
server, and had BIND 8.2.3-REL on it (I forget if I updated it or it
was already that version when I installed FreeBSD).

Anyhow, my DNSSEC configuration is now failing with these errors:

    /etc/namedb/named.conf:23: unknown key 'kci-yertle'
    /etc/namedb/named.conf:23: empty key not added to server list
    /etc/namedb/named.conf:51: unknown key 'vortex-kci'
    /etc/namedb/named.conf:51: empty key not added to server list

Does anyone know anything about this? I see in the CHANGES file these
entries:

    1186. [bug] DNSSEC key ids were computed incorrectly.
    1156. [bug] don't use a known bogus key name.

I don't see anything in the docs that indicates a syntax change.
Again, this worked just fine with 8.2.3-REL and prior. The BIND users
mailing list archive shows nothing related to these errors, and I
don't recall seeing anything like this on the freebsd lists.

My config is like this:

    key kci-yertle. {
        algorithm hmac-md5;
        secret "my-secret-is-here";
    };
    server 216.194.193.105 {
        keys { kci-yertle.; };
    };

For kicks, I tried generating a new key using the dnskeygen program,
but that also gave the same types of errors.
Any help would be appreciated.