Bind 9.9.0B1 Inline-Signing Question

McConville, Kevin kmcconville at albany.edu
Thu Nov 17 16:55:15 UTC 2011


First off, thank you to all who responded/helped in my previous post - this list is a wonderful community. The inline-signing is now working... sort of.

We edit the static zone, adding a resource record (of any type), increment the serial, and then do an rndc reload. However, BIND is still looking at the previous DNSSEC-signed file - it's not picking up the new records.
Another strange thing is that, using the auto-dnssec maintain option, it is still creating a journal file:

-rw-rw-r-- 1 named root   2250 Nov 17 11:29 ualbanytest.org.db
-rw------- 1 named named  9969 Nov 16 12:04 ualbanytest.org.db.signed
-rw------- 1 named named 13095 Nov 16 11:52 ualbanytest.org.db.signed.jnl

Doing an rndc stop, removing the signed and signed.jnl files, the new resource records are picked up when named is restarted. But, that defeats the point of inline-signing.

Below is info from our named.conf and our log file (we are running it in a chroot, as user named):

>>>>>>
options {
        directory       "/conf";
        pid-file        "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
        dump-file       "/var/run/named.db";
        version         "[secured]";
        dnssec-enable yes;
        sig-validity-interval 10;
        dnssec-loadkeys-interval 10;
        empty-zones-enable no;
};

# DNSSEC Zone
zone "ualbanytest.org" {
     type master;
     file "ualbanytest.org.db";
     auto-dnssec maintain;
     inline-signing yes;
     key-directory "/conf";
     serial-update-method increment;
};
>>>>>>>>>
17-Nov-2011 11:29:56.865 general: info: received control channel command 'reload'
17-Nov-2011 11:29:56.865 general: info: loading configuration from '/etc/named.conf'
17-Nov-2011 11:29:56.866 general: info: using default UDP/IPv4 port range: [1024, 65535]
17-Nov-2011 11:29:56.866 general: info: using default UDP/IPv6 port range: [1024, 65535]
17-Nov-2011 11:29:56.867 general: info: sizing zone task pool based on 4 zones
17-Nov-2011 11:29:56.869 general: info: zone ualbanytest.org/IN (signed): (master) removed
17-Nov-2011 11:29:56.869 general: info: reloading configuration succeeded
17-Nov-2011 11:29:56.869 general: info: reloading zones succeeded
17-Nov-2011 11:29:56.871 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011111701
17-Nov-2011 11:29:56.871 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011111507 (DNSSEC signed)
17-Nov-2011 11:29:56.871 general: notice: all zones loaded
17-Nov-2011 11:29:56.871 general: notice: running
17-Nov-2011 11:29:56.871 general: info: zone ualbanytest.org/IN (signed): reconfiguring zone keys
17-Nov-2011 11:29:56.872 general: info: zone ualbanytest.org/IN (signed): next key event: 17-Nov-2011 11:39:56.872
17-Nov-2011 11:29:56.872 notify: info: zone ualbanytest.org/IN (signed): sending notifies (serial 2011111507)
>>>>>>>

I'm probably missing something, but this list has really been very helpful. Any ideas or suggestions are greatly appreciated.

Thanks,

-Kevin


Kevin McConville

University at Albany
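The reload log quoted in the post shows the unsigned instance of ualbanytest.org loading serial 2011111701 while the signed instance loads serial 2011111507. The following script is an added example, not part of the original post or of BIND itself: it parses named's "loaded serial" log lines for each zone's signed and unsigned instances and flags any zone whose signed serial is behind its unsigned serial, comparing with RFC 1982 serial arithmetic so that a wrapped serial is not misread. The heuristic that the signed serial should not lag the unsigned one once a change has been applied is an assumption used for the check, not a rule taken from BIND's documentation. The first three sample lines are copied from the post; the two example.test lines are constructed to show a healthy zone.

```python
import re
import sys
from typing import Dict, List, Tuple

# Matches the per-instance load line named logs on (re)load, e.g.
#   zone ualbanytest.org/IN (signed): loaded serial 2011111507 (DNSSEC signed)
LOADED_RE = re.compile(
    r"zone (?P<zone>\S+)/IN \((?P<instance>signed|unsigned)\): "
    r"loaded serial (?P<serial>\d+)"
)

# Sample input: first three lines copied from the post above; the two
# example.test lines are constructed to show a zone where the signed copy
# is up to date.
SAMPLE_LOG = """\
17-Nov-2011 11:29:56.869 general: info: zone ualbanytest.org/IN (signed): (master) removed
17-Nov-2011 11:29:56.871 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011111701
17-Nov-2011 11:29:56.871 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011111507 (DNSSEC signed)
17-Nov-2011 11:30:01.001 general: info: zone example.test/IN (unsigned): loaded serial 2011111702
17-Nov-2011 11:30:01.002 general: info: zone example.test/IN (signed): loaded serial 2011111710 (DNSSEC signed)
"""

SERIAL_HALF = 2 ** 31  # half the 32-bit serial space, per RFC 1982


def serial_lt(a: int, b: int) -> bool:
    """True if serial a is 'less than' serial b under RFC 1982 arithmetic.

    Plain integer comparison breaks when a serial wraps past 2^32 - 1;
    RFC 1982 defines ordering by which half of the space the gap falls in.
    """
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    if a == b:
        return False
    return (a < b and b - a < SERIAL_HALF) or (a > b and a - b > SERIAL_HALF)


def parse_loaded_serials(log_text: str) -> Dict[str, Dict[str, int]]:
    """Return {zone: {"signed": serial, "unsigned": serial}} from log text.

    A later line for the same zone/instance overwrites an earlier one, so
    the result reflects the most recent load of each instance.
    """
    serials: Dict[str, Dict[str, int]] = {}
    for line in log_text.splitlines():
        m = LOADED_RE.search(line)
        if not m:
            continue  # not a load line (e.g. "(master) removed", notifies)
        zone = m.group("zone")
        serials.setdefault(zone, {})[m.group("instance")] = int(m.group("serial"))
    return serials


def check_inline_signing(serials: Dict[str, Dict[str, int]]) -> List[Tuple[str, str]]:
    """Report one (zone, status) pair per zone.

    Assumption used as the check: once a change to the unsigned zone has
    been picked up by inline signing, the signed serial should not be
    behind the unsigned serial. A signed serial that is behind means the
    signed instance is still serving the older data.
    """
    findings: List[Tuple[str, str]] = []
    for zone, inst in sorted(serials.items()):
        unsigned = inst.get("unsigned")
        signed = inst.get("signed")
        if unsigned is None or signed is None:
            findings.append((zone, "missing signed or unsigned load line"))
        elif serial_lt(signed, unsigned):
            findings.append(
                (zone, f"signed serial {signed} behind unsigned serial {unsigned}")
            )
        else:
            findings.append((zone, "ok"))
    return findings


if __name__ == "__main__":
    # Pipe named's log in on stdin, or run without input to use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for zone, status in check_inline_signing(parse_loaded_serials(text)):
        print(f"{zone}: {status}")
```

Run it as `python3 check_inline.py < /var/log/named.log` (path is a placeholder; use wherever the chrooted named writes its log). On the sample it reports ualbanytest.org with the signed serial behind the unsigned one and example.test as ok, which matches what the post describes: the signed instance is still serving the earlier serial.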
