DNSSEC with 9.7.2-P2

Phil Mayers p.mayers at imperial.ac.uk
Fri Nov 12 13:04:35 UTC 2010


On 12/11/10 12:49, David Forrest wrote:
>
> and, on checking named.conf, I found the entry for br. as:
> trusted-keys {
>   	"br." 257 3 5
> "AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1NGbGfs513y6dy1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNpy6AM=";
> };


This key is invalid for "br".

Since you're running 9.7.2, don't do this. "br" is signed by the root; 
instead, define a "managed-keys" statement for "." and let the root 
DNSSEC take care of it.

See:

http://www.isc.org/community/blog/201007/using-root-dnssec-key-bind-9-resolvers
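
An added example, not part of the original post: a small audit that lists the trust anchors in a named.conf, flags static `trusted-keys` entries for zones below the root, and computes each key's RFC 4034 key tag so it can be compared with the DNSKEY the zone actually publishes. The config text and key material are constructed placeholders, and `audit_anchors` and `key_tag` are hypothetical helper names.

```python
import base64
import re

# Constructed sample config; the key material is a placeholder, not a real DNSKEY.
SAMPLE_CONF = '''
trusted-keys {
    "example." 257 3 5
"AQID";
};
managed-keys {
    "." initial-key 257 3 8 "AQID";
};
'''

BLOCK_RE = re.compile(r'\b(trusted-keys|managed-keys)\s*\{(.*?)\}\s*;', re.S)
ENTRY_RE = re.compile(
    r'"?([^\s"]+)"?\s+(?:initial-key\s+)?(\d+)\s+(\d+)\s+(\d+)\s+"([^"]+)"\s*;')


def key_tag(flags, protocol, algorithm, key_b64):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    # DNSKEY RDATA = flags (2 bytes) | protocol | algorithm | public key
    rdata = (flags.to_bytes(2, "big") + bytes([protocol, algorithm])
             + base64.b64decode("".join(key_b64.split())))
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def audit_anchors(conf_text):
    """Return (statement, zone, algorithm, key_tag, flagged) for each anchor."""
    findings = []
    for statement, body in BLOCK_RE.findall(conf_text):
        for zone, flags, proto, alg, key in ENTRY_RE.findall(body):
            tag = key_tag(int(flags), int(proto), int(alg), key)
            # A static anchor below the root is not followed by the root's chain.
            flagged = statement == "trusted-keys" and zone != "."
            findings.append((statement, zone, int(alg), tag, flagged))
    return findings


if __name__ == "__main__":
    for stmt, zone, alg, tag, flagged in audit_anchors(SAMPLE_CONF):
        note = "  <- static anchor below the root; review" if flagged else ""
        print(f"{stmt:13} {zone:10} alg={alg} keytag={tag}{note}")
```
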


