inline-signing a zone that exists in two views
Gordon Messmer
gordon.messmer at gmail.com
Sat May 6 22:10:32 UTC 2017
I have a zone that I'd like to serve in two different views, with DNSSEC
in both views. However, this leads to a pair of error messages:

    named[858]: malformed transaction: dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 != transaction first serial 2017011477
    named[858]: zone dragonsdawn.net/IN/local_resolver (signed): zone_resigninc:dns_journal_write_transaction -> unexpected error

Is it possible to serve a second view, using the keys that are
maintained in the primary view? This might be mostly for curiosity's
sake, since the value of signed responses is reasonably low for "local"
clients.

view local_resolver {
    ...
    zone "dragonsdawn.net" IN {
        type master;
        file "dynamic/db.dragonsdawn.net";
        update-policy local;
        key-directory "keys/dragonsdawn.net";
        inline-signing yes;
        auto-dnssec allow;
    };
};

view public {
    recursion no;
    ...
    zone "dragonsdawn.net" IN {
        type master;
        file "dynamic/db.dragonsdawn.net";
        update-policy local;
        key-directory "keys/dragonsdawn.net";
        inline-signing yes;
        auto-dnssec maintain;
    };
};