trusted-keys statement
Jim Reid
jim at rfc1035.com
Sat May 27 08:46:14 UTC 2000
>>>>> "Stefan" == Stefan Mangard <smang at cs.jhu.edu> writes:
Stefan> Hi, I am sorry to mail about this to the list, but somehow
Stefan> I am not able to write a valid trusted-keys statement.
Stefan> I tried:
Stefan> trusted-keys { updater.domain. 513 3 157 BWQUYHkhHinLugX
Stefan> <snip> };
Stefan> I also tried to quote the domain name, but I always get
Stefan> a syntax error.
Did you put a semi-colon after the base-64 encoding of the key? And
did you enclose the base-64 string in double quotes? Here's an example
of a trusted-keys statement that's syntactically correct.
trusted-keys {
example.com. 16641 3 3 "ANMOZh0b5QlfBNXuTjVV+wsXwqAn6yhaw7s1mL0qTU/pRWXqom7eYFVdNUGu4jGPWMBOXT6CRY809c1RezLhu9vj4PsF4GRrJHfwbxL/B/jyCu4x8RITdvj9eCrYIF0DWbN4TzUhOFOYSLbw8KwfcwRiFgXDPLDwAcawdLaT7dpuqzvNHXZWsuSvxbGxB0XuKGO1o4JHhBpCAUcARX/9rZ7DGCgqr2NuCqre+ydRNFPt2fgqXZOix3DeGkAFYgySFbNzIrEF8GyunkFSix7XC8JXA1Ou";
};
BTW you should have shown the list *exactly* what you put in
named.conf. Hiding that information serves no purpose other than to
make it hard to guess what you did wrong. And if you were bothered
about disclosing a key - it's public keys that go in trusted-keys
statements anyway - you could have provided a dummy key instead of the
real one.
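
The two checks asked about in the reply above (quoted base-64 key, semi-colon after each key), written as a small lint script; this is an added example, not part of the original message and not BIND's own parser. The names lint_trusted_keys and check_entry, the dummy key and the sample statements are constructed for illustration, and comments inside named.conf are not handled.

```python
import base64
import re

# Tokens inside the braces: a "quoted string", a ';', or a bare word.
TOKEN = re.compile(r'"([^"]*)"|(;)|([^\s;"]+)')
FIELDS = ("flags", "protocol", "algorithm")

def check_entry(entry):
    """Check one key entry, given as a list of (kind, text) tokens."""
    name = entry[0][1] if entry else "?"
    if len(entry) != 5:
        return [f"{name}: expected 5 fields (name flags protocol algorithm key), got {len(entry)}"]
    problems = [f"{name}: {label} is not a number"
                for label, (_, text) in zip(FIELDS, entry[1:4]) if not text.isdigit()]
    kind, key = entry[4]
    if kind != "quoted":
        problems.append(f"{name}: key is not enclosed in double quotes")
    try:
        base64.b64decode(key, validate=True)
    except ValueError:
        problems.append(f"{name}: key is not valid base-64")
    return problems

def lint_trusted_keys(conf):
    """Return a list of problems in the trusted-keys statements of conf."""
    problems = []
    for block in re.finditer(r"trusted-keys\s*\{(.*?)\}", conf, re.S):
        entry = []
        for m in TOKEN.finditer(block.group(1)):
            if m.group(2):                      # ';' closes one key entry
                problems += check_entry(entry)
                entry = []
            elif m.group(1) is not None:
                entry.append(("quoted", m.group(1)))
            else:
                entry.append(("bare", m.group(3)))
        if entry:                               # tokens left over before '}'
            problems.append(f"{entry[0][1]}: no semi-colon after the key")
            problems += check_entry(entry)
    return problems

# Constructed dummy key and sample statements (not real keys or zones).
DUMMY = base64.b64encode(bytes(range(1, 17))).decode()
GOOD = f'trusted-keys {{\n  example.com. 16641 3 3 "{DUMMY}";\n}};'
BAD = f"trusted-keys {{ updater.example. 513 3 157 {DUMMY} }};"

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(lint_trusted_keys(sample) or "ok")
```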