DNSSEC with 9.7.2-P2
Paul Wouters
paul at xelerance.com
Fri Nov 12 15:28:02 UTC 2010
On Fri, 12 Nov 2010, Alan Clegg wrote:
> On 11/12/2010 7:49 AM, David Forrest wrote:
>> While running BIND 9.7.2-P2 built with defaults on F11
>
> [..]
>
>> and, on checking named.conf, I found the entry for br. as:
>> trusted-keys {
>> "br." 257 3 5
>> "AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1NGbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM=";
>> };
>
> If Fedora 11 (I'm assuming that is what "F11" is) has built in
> trust-anchors in the distributed named.conf, someone needs to talk to
> them...
It was a separate file named.keys, and if the machine has received all the
updates it should no longer be included in named.conf. Keys were never
hardcoded in named.conf. If that's where these keys are, someone put them
in their manually.
Paul
More information about the bind-users
mailing list