bind 9.9 & inline-signing issue..
Howard Leadmon
howard at leadmon.net
Mon Jan 30 20:46:46 UTC 2012
Nope, granted you would think that should work, but I really do have two
different views in different files, as I use it to support both my internal
IPv4 RFC1918 space, and my external view for what the rest of the world
should see.
Here is what my config looks like:
// Internal View
zone "leadmon.org" {
type master;
file "master/leadmon.org/db.leadmon.org-internal";
key-directory "mkeys/leadmon.org";
allow-transfer {
primary_servers;
};
auto-dnssec maintain;
inline-signing yes;
}
// External View
zone "leadmon.org" {
type master;
file "master/leadmon.org/db.leadmon.org-external";
key-directory "mkeys/leadmon.org";
allow-transfer {
primary_servers;
absnet_servers;
puck_servers;
};
auto-dnssec maintain;
inline-signing yes;
};
As stated in a prior message, just the signed zone is not being updated,
when I make an update to the unsigned zone file. The earlier posting
suggesting that I do a "rndc reload <zone>" does indeed cause the signed
zones to update, but you must specify the zone, just doing a "rndc reload"
to reload everything results in no update being performed on the signed
zone, and even a hard restart of the named process doesn't cause an update.
---
Howard Leadmon
> -----Original Message-----
> From: bind-users-bounces+howard=leadmon.net at lists.isc.org [mailto:bind-
> users-bounces+howard=leadmon.net at lists.isc.org] On Behalf Of Alan Clegg
> Sent: Monday, January 30, 2012 8:00 AM
> To: bind-users at lists.isc.org
> Subject: Re: bind 9.9 & inline-signing issue..
>
> On 1/30/2012 5:28 AM, Howard Leadmon wrote:
>
> > Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external
> > (unsigned): loaded serial 2012012901
> > Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external
> (signed):
> > serial 2012012901 (unsigned 2012012901) Jan 30 05:23:26 minbari
> > named[30332]: zone leadmon.org/IN/external (signed):
> > sending notifies (serial 2012012901)
>
> Are you, by any chance, using the same FILE for the zone definition of
both
> the internal and external views?
>
> You may have done this upstream in the thread, but can you post the zone
> stanzas for leadmon.org for both views?
>
> AlanC
> --
> alan at clegg.com | aclegg at infoblox.com
> 1.919.355.8851
More information about the bind-users
mailing list