dnssec-policy syntax error in options but not in view
Mark Andrews
marka at isc.org
Thu Aug 3 23:32:59 UTC 2023
You can’t define a policy there. You can tell named to use the policy. Move the definition outside of options.
--
Mark Andrews
> On 4 Aug 2023, at 08:26, E R <fasteddieinaustin at gmail.com> wrote:
>
>
> My understanding from the ARM is that the dnssec-policy can be in the "options", "view" or "zone". I have mine in "view" and when I try to move into "options" I get a syntax error that I cannot seem to understand what is wrong. I stripped out all other statements and reduced the dnssec-policy to just a handful of items to KISS and I still do not see why why I get the error from named-checkconf. I can move the block from under "options" to the "view" and it just works so I am not sure why named-checkconf thinks there is a missing semicolon? Bind 9.16.23-RH.
>
> # named-checkconf 1.conf
> 1.conf:3: missing ';' before '{'
> 1.conf:3: '}' expected near '{'
>
> # cat 1.conf
> options {
> dnssec-policy "mydefault" {
> keys {
> csk key-directory lifetime unlimited algorithm ecdsa256;
> };
> };
> };
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230804/54c53641/attachment-0001.htm>
More information about the bind-users
mailing list