Bind 9.9.0b2 inline signing...

McConville, Kevin kmcconville at albany.edu
Tue Nov 22 16:58:16 UTC 2011


I have opened up a Bug ticket with ISC on this - #26676, but I just wanted to make sure that I'm not doing anything "wrong" that may be causing the issue.

Has anyone been able to get inline-signing to work on a static master zone using an authoritative server?

When we manually change the Master static zone file - ualbanytest.org - the signed and signed.jnl files are not getting an update - as shown by the time/date stamps below (just using rndc reload).

-rw-rw-r-- 1 named root   1077 Nov 22 11:22 ualbanytest.org
-rw------- 1 named named  9415 Nov 22 11:14 ualbanytest.org.signed
-rw------- 1 named named 12041 Nov 22 11:02 ualbanytest.org.signed.jnl

The log shows the correct serial for the unsigned zone, but then pulls the wrong signed file.
>>>>>>>
22-Nov-2011 11:25:28.314 general: info: received control channel command 'reload'
22-Nov-2011 11:25:28.314 general: info: loading configuration from '/etc/named.conf'
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv4 port range: [1024, 65535]
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv6 port range: [1024, 65535]
22-Nov-2011 11:25:28.316 general: info: sizing zone task pool based on 4 zones
22-Nov-2011 11:25:28.318 general: info: zone ualbanytest.org/IN (signed): (master) removed
22-Nov-2011 11:25:28.318 general: info: reloading configuration succeeded
22-Nov-2011 11:25:28.318 general: info: reloading zones succeeded
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011112201
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011112114 (DNSSEC signed)
22-Nov-2011 11:25:28.320 general: notice: all zones loaded
22-Nov-2011 11:25:28.320 general: notice: running
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): reconfiguring zone keys
22-Nov-2011 11:25:28.321 general: info: zone ualbanytest.org/IN (signed): next key event: 22-Nov-2011 11:35:28.321
22-Nov-2011 11:25:28.321 notify: info: zone ualbanytest.org/IN (signed): sending notifies (serial 2011112114)
>>>>>>>

From Named.conf:

>>>>>>>>>>>>>>>>>>>>>>>>
options {
        directory       "/conf";
        pid-file        "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
        dump-file       "/var/run/named.db";
        version         "[secured]";
        dnssec-enable yes;
        sig-validity-interval 10;
        dnssec-loadkeys-interval 10;
        empty-zones-enable no;
};

# DNSSEC Zone
zone "ualbanytest.org" {
     type master;
     file "ualbanytest.org";
     auto-dnssec maintain;
     inline-signing yes;
     key-directory "/conf";
     serial-update-method increment;
};

>>>>>>>>>>>>>>>>>>>>>

Has anyone gotten this to work on an authoritative (meaning that I am missing something) or is it a "real" bug? I just don't want to be claiming it's a "bug" if it's something that I messed up or fat fingered :)

Thank you all in advance.

Thanks,

-Kevin


Kevin McConville

University at Albany
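
Added example, not part of the original post and not ISC code: a log check for the symptom described above, where named reports a signed serial older than the unsigned serial after a reload. It assumes the "loaded serial" log format shown in the post, no views, and that a healthy inline-signed zone keeps its signed serial at or ahead of the unsigned one; the example.net lines are constructed.

```python
import re

# Matches the "loaded serial" lines named writes for each version of an
# inline-signed zone (format taken from the log in the post; no views).
LOADED = re.compile(
    r"zone (?P<zone>\S+)/IN \((?P<ver>unsigned|signed)\): "
    r"loaded serial (?P<serial>\d+)"
)

def serial_gt(a, b):
    """RFC 1982 comparison for 32-bit serials: True if a is newer than b."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def stale_signed_zones(lines):
    """Return {zone: (unsigned_serial, signed_serial)} for zones whose most
    recently loaded signed serial is older than the unsigned one.
    Assumption: a healthy signed version is never behind the unsigned zone."""
    latest = {}
    for line in lines:
        m = LOADED.search(line)
        if m:
            latest.setdefault(m["zone"], {})[m["ver"]] = int(m["serial"])
    return {
        zone: (v["unsigned"], v["signed"])
        for zone, v in latest.items()
        if "unsigned" in v and "signed" in v
        and serial_gt(v["unsigned"], v["signed"])
    }

# Sample input: two lines from the log in the post, plus constructed lines
# for a hypothetical healthy zone (example.net).
SAMPLE_LOG = """\
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011112201
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011112114 (DNSSEC signed)
22-Nov-2011 11:25:28.321 general: info: zone example.net/IN (unsigned): loaded serial 2011112201
22-Nov-2011 11:25:28.321 general: info: zone example.net/IN (signed): loaded serial 2011112203 (DNSSEC signed)
""".splitlines()

if __name__ == "__main__":
    for zone, (unsigned, signed) in stale_signed_zones(SAMPLE_LOG).items():
        print(f"{zone}: signed serial {signed} is behind unsigned {unsigned}")
```
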

