dnssec-lookaside auto and managed-keys-zone problem with certain views
Evan Hunt
each at isc.org
Sun Jul 18 16:58:15 UTC 2010
> Is there a way of using dnssec-lookaside and forcing bind not to
> maintain a managed-keys-zone for certain views?
Sure, just do it the old way, without "dnssec-lookaside auto".
Put these in the view statement:
dnssec-lookaside . trust-anchor dlv.isc.org;
trusted-keys {
dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh";
};
(Except, you know, get the key text from a secure channel or from the
signed bind9 distribution, not from email...)
--
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users
mailing list