multiple trusted-keys stanzas?
Mark Andrews
Mark_Andrews at isc.org
Mon Oct 13 22:10:16 UTC 2008
In message <8C8BC3C0-AA43-4E27-98F1-F894650AF3C8 at columbia.edu>, David Coulthart
writes:
> While I'm aware I can have multiple keys listed in a single trusted-
> keys stanza, I would prefer to keep groups of keys in separate files
> for easier management, but I can't use the include command inside a
> trust-keys stanza. So instead, I was thinking of putting each group of
> keys in its own trusted-keys stanza. Does anyone know if multiple
> trusted-keys stanzas works with BIND (9.5.0-P2)? A simple run of
> named-checkconf with such a config didn't produce any errors. But
> will it use all of the keys or just the ones from the last trusted-
> keys stanza or ...?
>
> Thanks,
> Dave Coulthart
A simple test would have shown you that it works. Put .SE's
trusted keys in one file and .BR's in another then do
"dig +dnssec SE SOA @server" and "dig +dnssec BR SOA @server"
and look at the responses. You should find AD is set for
both.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list