Bind 9.9.0b2 inline signing...
McConville, Kevin
kmcconville at albany.edu
Tue Nov 22 16:58:16 UTC 2011
I have opened up a Bug ticket with ISC on this - #26676, but I just wanted to make sure that I'm not doing anything "wrong" that may be causing the issue.
Has anyone been able to get inline-signing to work on a static master zone using an authoritative server?
When we manually change the Master static zone file - ualbanytest.org - the signed and signed.jnl files are not getting an update - as shown by the time/date stamps below (just using rndc reload).
-rw-rw-r-- 1 named root 1077 Nov 22 11:22 ualbanytest.org
-rw------- 1 named named 9415 Nov 22 11:14 ualbanytest.org.signed
-rw------- 1 named named 12041 Nov 22 11:02 ualbanytest.org.signed.jnl
The log shows the correct serial for the unsigned zone, but then pulls the wrong signed file.
>>>>>>>
22-Nov-2011 11:25:28.314 general: info: received control channel command 'reload'
22-Nov-2011 11:25:28.314 general: info: loading configuration from '/etc/named.conf'
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv4 port range: [1024, 65535]
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv6 port range: [1024, 65535]
22-Nov-2011 11:25:28.316 general: info: sizing zone task pool based on 4 zones
22-Nov-2011 11:25:28.318 general: info: zone ualbanytest.org/IN (signed): (master) removed
22-Nov-2011 11:25:28.318 general: info: reloading configuration succeeded
22-Nov-2011 11:25:28.318 general: info: reloading zones succeeded
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011112201
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011112114 (DNSSEC signed)
22-Nov-2011 11:25:28.320 general: notice: all zones loaded
22-Nov-2011 11:25:28.320 general: notice: running
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): reconfiguring zone keys
22-Nov-2011 11:25:28.321 general: info: zone ualbanytest.org/IN (signed): next key event: 22-Nov-2011 11:35:28.321
22-Nov-2011 11:25:28.321 notify: info: zone ualbanytest.org/IN (signed): sending notifies (serial 2011112114)
>>>>>>>
From Named.conf:
>>>>>>>>>>>>>>>>>>>>>>>>
options {
    directory "/conf";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    dump-file "/var/run/named.db";
    version "[secured]";
    dnssec-enable yes;
    sig-validity-interval 10;
    dnssec-loadkeys-interval 10;
    empty-zones-enable no;
};
# DNSSEC Zone
zone "ualbanytest.org" {
    type master;
    file "ualbanytest.org";
    auto-dnssec maintain;
    inline-signing yes;
    key-directory "/conf";
    serial-update-method increment;
};
>>>>>>>>>>>>>>>>>>>>>
Has anyone gotten this to work on an authoritative (meaning that I am missing something) or is it a "real" bug? I just don't want to be claiming it's a "bug" if it's something that I messed up or fat fingered :)
Thank you all in advance.
Thanks,
-Kevin
Kevin McConville
University at Albany