named-checkzone error "NSEC node already exists"

jim glass4545 at gmail.com
Mon Dec 6 20:36:15 UTC 2010


Hi,

Running BIND 9.7.0-P2-RedHat-9.7.0-5.P2.el6

New setup/install and attempting to set up DNSSEC and clean any dirty data.
Got the zone signed and ran named-checkzone against it and got the following
(11) times:
     addnode: NSEC node already exists
The .signed loads but want to have clean before going live and not sure how
to narrow down where these eleven duplicates are coming from?
See these repeated eleven times in debug.log for each start of named,
running debug of 3
   06-Dec-2010 14:43:39.266 database: warning: addnode: NSEC node already exists


Sorry, some more stupid questions on DNSSEC that I'm just confused about.

 1) Do I sign my n.n.n.in-addr.arpa zone just like my domain.edu?

   # dnssec-keygen -r /dev/urandom n.n.n.in-addr.arpa
   # dnssec-keygen -f KSK -r /dev/urandom n.n.n.in-addr.arpa
   # named-checkzone -t /var/named n.n.n.in-addr.arpa dns.net.domain
      runs OK
   # dnssec-signzone -g -k Kn.n.n.in-addr.arpa.+005+33126.key -o n.n.n.in-addr.arpa dns.net-iup Kn.n.n.in-addr.arpa.+005+24720.key


2) After I have my island of security set up and working, register the KSK
public key with educause, correct?

3) After registered with educause should I stop reading in
/etc/named.iscdlv.key?

thanks!