bind 9.9 & inline-signing issue..

Howard Leadmon howard at leadmon.net
Mon Jan 30 20:46:46 UTC 2012


  Nope, granted you would think that should work, but I really do have two
different views in different files, as I use it to support both my internal
IPv4 RFC1918 space, and my external view for what the rest of the world
should see.

 Here is what my config looks like:

// Internal View
zone "leadmon.org" {
        type master;
        file "master/leadmon.org/db.leadmon.org-internal";
        key-directory "mkeys/leadmon.org";
        allow-transfer { 
                primary_servers;
        };
        auto-dnssec maintain;
        inline-signing yes;
};

// External View
zone "leadmon.org" {
        type master;
        file "master/leadmon.org/db.leadmon.org-external";
        key-directory "mkeys/leadmon.org";
        allow-transfer {        
                primary_servers;
                absnet_servers;
                puck_servers;
        };
        auto-dnssec maintain;
        inline-signing yes;
};


 As stated in a prior message, just the signed zone is not being updated
when I make an update to the unsigned zone file. The earlier posting
suggesting that I do a "rndc reload <zone>" does indeed cause the signed
zones to update, but you must specify the zone; just doing a "rndc reload"
to reload everything results in no update being performed on the signed
zone, and even a hard restart of the named process doesn't cause an update.


---
Howard Leadmon 

> -----Original Message-----
> From: bind-users-bounces+howard=leadmon.net at lists.isc.org [mailto:bind-users-bounces+howard=leadmon.net at lists.isc.org] On Behalf Of Alan Clegg
> Sent: Monday, January 30, 2012 8:00 AM
> To: bind-users at lists.isc.org
> Subject: Re: bind 9.9 & inline-signing issue..
> 
> On 1/30/2012 5:28 AM, Howard Leadmon wrote:
> 
> > Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external (unsigned): loaded serial 2012012901
> > Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external (signed): serial 2012012901 (unsigned 2012012901)
> > Jan 30 05:23:26 minbari named[30332]: zone leadmon.org/IN/external (signed): sending notifies (serial 2012012901)
> 
> Are you, by any chance, using the same FILE for the zone definition of both
> the internal and external views?
> 
> You may have done this upstream in the thread, but can you post the zone
> stanzas for leadmon.org for both views?
> 
> AlanC
> --
> alan at clegg.com | aclegg at infoblox.com
>           1.919.355.8851
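
A log check for the symptom described in this message, as an added example that is not part of the original thread or of BIND: it reads named syslog lines in the format quoted above and reports zones whose signed copy was built from an older unsigned serial than the one last loaded. The sample lines, host name and zone are constructed, and reading "(unsigned N)" as the unsigned serial the signed zone covers is an assumption.

```python
import re

# The two named log shapes quoted in this thread.
UNSIGNED_RE = re.compile(
    r"zone (?P<zone>\S+) \(unsigned\): loaded serial (?P<serial>\d+)")
SIGNED_RE = re.compile(
    r"zone (?P<zone>\S+) \(signed\): serial (?P<serial>\d+) "
    r"\(unsigned (?P<raw>\d+)\)")

# Constructed sample input: external view in sync, internal view lagging.
SAMPLE_LOG = """\
Jan 30 05:23:26 ns1 named[1234]: zone example.org/IN/external (unsigned): loaded serial 2012012901
Jan 30 05:23:26 ns1 named[1234]: zone example.org/IN/external (signed): serial 2012012901 (unsigned 2012012901)
Jan 30 09:10:02 ns1 named[1234]: zone example.org/IN/internal (unsigned): loaded serial 2012013001
Jan 30 09:10:02 ns1 named[1234]: zone example.org/IN/internal (signed): serial 2012012905 (unsigned 2012012901)
""".splitlines()


def serial_gt(a, b):
    """RFC 1982 comparison for 32-bit SOA serials: True if a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31


def stale_signed_zones(lines):
    """Return {zone/class/view: (loaded_serial, covered_serial)} for zones
    whose signed copy lags the unsigned zone file."""
    loaded = {}  # last serial loaded from the unsigned file
    signed = {}  # unsigned serial the signed copy reports (assumed meaning)
    for line in lines:
        m = UNSIGNED_RE.search(line)
        if m:
            loaded[m["zone"]] = int(m["serial"])
            continue
        m = SIGNED_RE.search(line)
        if m:
            signed[m["zone"]] = int(m["raw"])
    stale = {}
    for zone, serial in loaded.items():
        covered = signed.get(zone)
        # No signed line at all, or signed copy built from an older serial.
        if covered is None or serial_gt(serial, covered):
            stale[zone] = (serial, covered)
    return stale


if __name__ == "__main__":
    for zone, (want, have) in stale_signed_zones(SAMPLE_LOG).items():
        print(f"{zone}: unsigned serial {want}, signed copy covers {have}")
```

Keying on the full zone/class/view string keeps the two views of the same zone separate, which matters in a split-view setup like the one in this message.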




