BIND 8.2.4-REL in FreeBSD 4.4 broke my DNSSEC
Mark_Andrews at isc.org
Fri Sep 28 08:05:27 UTC 2001
> I had been running 4.3-STABLE from about June on my primary DNS
> server, and had BIND 8.2.3-REL on it (I forget if I updated it or it
> was already that version when I installed FreeBSD).
>
> Anyhow, my DNSSEC configuration is now failing with these errors:
>
> /etc/namedb/named.conf:23: unknown key 'kci-yertle'
> /etc/namedb/named.conf:23: empty key not added to server list
> /etc/namedb/named.conf:51: unknown key 'vortex-kci'
> /etc/namedb/named.conf:51: empty key not added to server list
>
> Does anyone know anything about this? I see in the CHANGES file these
> entries:
>
> 1186. [bug] DNSSEC key ids were computed incorrectly.
> 1156. [bug] don't use a known bogus key name.
>
> I don't see anything in the docs that indicates a syntax change.
>
> Again, this worked just fine with 8.2.3-REL and prior. The BIND users
> mailing list archive shows nothing related to these errors, and I
> don't recall seeing anything like this on the freebsd lists.
>
> My config is like this:
>
> key kci-yertle. {
> algorithm hmac-md5;
> secret "my-secret-is-here";
> };
>
> server 216.194.193.105 {
> keys { kci-yertle.; };
> };
Are you sure that you have these clauses in this order and not
the reverse order? Keys have to be defined before they are used.
>
> For kicks, I tried generating a new key using the dnskeygen program,
> but that also gave the same types of errors.
>
> Any help would be appreciated.
>
> To Unsubscribe: send mail to majordomo at FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
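
The ordering rule from the reply above, as an added example that is not part of the original thread or of BIND: a small Python check that reports `keys { ...; };` references inside `server` clauses that appear before the matching `key` statement. The sample configurations, the function names and the name normalisation (trailing dot and case ignored) are assumptions made for this illustration, and the parser only understands the clause shapes quoted in the message.

```python
import re

# Quoted strings are matched before comments so "//" or "#" inside a secret survives.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*|[{};]|[^\s{};"]+', re.S)

# Constructed sample: the server clause uses the key before it is defined.
SAMPLE_BAD = '''server 192.0.2.53 {
    keys { example-key.; };
};
key example-key. {
    algorithm hmac-md5;
    secret "placeholder-secret";  // constructed placeholder
};
'''
# Constructed sample: same clauses, key defined first.
SAMPLE_GOOD = '''key example-key. {
    algorithm hmac-md5;
    secret "placeholder-secret";
};
server 192.0.2.53 { keys { example-key.; }; };
'''

def tokens(text):
    """Yield (token, line_number), skipping comments."""
    for m in TOKEN.finditer(text):
        tok = m.group()
        if not tok.startswith(('/*', '//', '#')):
            yield tok, text.count('\n', 0, m.start()) + 1

def norm(name):
    # Assumption: key names compare like domain names (no trailing dot, any case).
    return name.strip('"').rstrip('.').lower()

def undefined_key_refs(text):
    """Return [(line, key_name)] for server key references with no earlier key statement."""
    defined, problems = set(), []
    depth, stmt, want_name, in_keys = 0, None, False, False
    for tok, line in tokens(text):
        if tok == '{':
            depth += 1
        elif tok == '}':
            depth, in_keys = depth - 1, False
        elif tok == ';':
            stmt = None if depth == 0 else stmt
        elif depth == 0 and stmt is None:          # first word of a top-level statement
            stmt, want_name = tok, tok == 'key'
        elif want_name:                            # the name following "key"
            defined.add(norm(tok)); want_name = False
        elif stmt == 'server' and depth == 1 and tok == 'keys':
            in_keys = True
        elif in_keys and depth == 2 and norm(tok) not in defined:
            problems.append((line, norm(tok)))
    return problems
```
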