Primary zone not fully maintained by BIND
Sandro
lists at penguinpee.nl
Thu May 26 10:00:06 UTC 2022
On 26-05-2022 11:05, Sandro wrote:
> I'll take a look at the bug report in a minute.

Well, there are similarities between #2463 and my setup, but also
differences.

In my case, all zones are signed, internal and external. I have one
dnssec-policy defined in the options section, which is a verbatim copy
of dnssec-policy.default with only one adjustment:
zone-propagation-delay is set to 1h instead of 300s.

The internal view of penguinpee.nl is a dynamic primary zone. It
receives zone updates from Kea DHCP Server. The external zone is a
static primary zone, updated manually as needed.

Since they share the same key now, I could reconfigure the internal view
and have BIND create a new key in a separate directory for that view. I
could also define a separate policy for the internal view to see if that
makes a difference. Probably one change at a time to nail this thing down.

Thank you, Matthijs, for pointing out the bug. Do you have any
suggestion for what to try first, key separation or policy separation?

-- Sandro