DNSSEC, views & trusted keys...

Mark Andrews marka at isc.org
Fri Sep 10 02:05:54 UTC 2010


In message <4C891404.3000203 at imperial.ac.uk>, Phil Mayers writes:
> On 09/09/2010 03:45 PM, Timothe Litt wrote:
> 
> >
> > There is other advice in the ARM that says to put 'your organization's
> > public keys in the trusted-keys list'.  That doesn't help - and in fact,
> > confuses me even more since example.net has TWO different public keys - one
> > for each view.  And trusted-keys is a global server option...
> >
> > I must be missing something.
> 
> I don't think so. Currently AFAICT bind will not set AD on authoritative 
> zones, with any combination of options.

Add a match-recursion-only view:

// Views are tried in order, so this one must come first.
view secure {
	match-clients { internal; };
	match-recursion-only yes;	// only queries with RD set match here
	recursion yes;
};

view internal {
	match-clients { internal; };
	recursion no;
};

view external {
	match-clients { !internal; any; };
	recursion no;
};
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
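
Added example, not part of the original post and not BIND code: a small Python model of how named picks a view for the three views above (first matching view wins, and match-recursion-only skips queries without RD set), including what happens if "secure" is listed after "internal". The 10.0.0.0/8 range for the "internal" ACL and the sample queries are constructed assumptions; the post does not define the ACL.

```python
import ipaddress

# Constructed ACL: the post never defines "internal"; this range is an assumption.
ACLS = {
    "internal": [ipaddress.ip_network("10.0.0.0/8")],
    "any": [ipaddress.ip_network("0.0.0.0/0")],
}

# Views in the order they appear in the post; named tries them top to bottom.
VIEWS = [
    {"name": "secure", "match_clients": ["internal"], "recursion_only": True},
    {"name": "internal", "match_clients": ["internal"], "recursion_only": False},
    {"name": "external", "match_clients": ["!internal", "any"], "recursion_only": False},
]

def acl_matches(elements, addr):
    """First element that covers addr decides; a leading '!' makes it a reject."""
    for element in elements:
        negated = element.startswith("!")
        nets = ACLS[element.lstrip("!")]
        if any(addr in net for net in nets):
            return not negated
    return False

def select_view(views, client, rd):
    """Return the name of the first view that accepts this query, or None."""
    addr = ipaddress.ip_address(client)
    for view in views:
        if view["recursion_only"] and not rd:
            continue  # match-recursion-only yes: skip queries without RD set
        if acl_matches(view["match_clients"], addr):
            return view["name"]
    return None

def demo():
    # Constructed queries: (source address, RD bit)
    queries = [("10.1.2.3", True), ("10.1.2.3", False), ("203.0.113.9", True)]
    in_order = [select_view(VIEWS, c, rd) for c, rd in queries]
    # Same views with "secure" moved after "internal": it is never reached.
    swapped = [VIEWS[1], VIEWS[0], VIEWS[2]]
    reordered = [select_view(swapped, c, rd) for c, rd in queries]
    return in_order, reordered

if __name__ == "__main__":
    print(demo())
```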


