inline-signing a zone that exists in two views

Gordon Messmer gordon.messmer at gmail.com
Sat May 6 22:10:32 UTC 2017


I have a zone that I'd like to serve in two different views, with DNSSEC 
in both views.  However, this leads to a pair of error messages:

    named[858]: malformed transaction:
    dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 !=
    transaction first serial 2017011477
    named[858]: zone dragonsdawn.net/IN/local_resolver (signed):
    zone_resigninc:dns_journal_write_transaction -> unexpected error

Is it possible to serve a second view, using the keys that are 
maintained in the primary view?  This might be mostly for curiosity's 
sake, since the value of signed responses is reasonably low for "local" 
clients.


view local_resolver {
...
         zone "dragonsdawn.net" IN {
                 type master;
                 file "dynamic/db.dragonsdawn.net";
                 update-policy local;
                 key-directory "keys/dragonsdawn.net";
                 inline-signing yes;
                 auto-dnssec allow;
         };
};

view public {
         recursion no;
...
         zone "dragonsdawn.net" IN {
                 type master;
                 file "dynamic/db.dragonsdawn.net";
                 update-policy local;
                 key-directory "keys/dragonsdawn.net";
                 inline-signing yes;
                 auto-dnssec maintain;
         };
};
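
A check for the condition visible in the post above, where both views set inline-signing yes on the same file and the logged journal is dynamic/db.dragonsdawn.net.signed.jnl. This is an added example, not part of the original post or of BIND; the function names, the simplified named.conf tokenizer and the sample text (including the example.test zone) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the configuration in the post; the options
# elided there ("...") are left out and example.test is a made-up second zone.
SAMPLE_CONF = '''
view local_resolver {
    zone "dragonsdawn.net" IN { type master; file "dynamic/db.dragonsdawn.net";
        inline-signing yes; auto-dnssec allow; };
    zone "example.test" IN { type master; file "dynamic/local/db.example.test";
        inline-signing yes; };
};
view public {  // constructed comment, skipped by the tokenizer
    zone "dragonsdawn.net" IN { type master; file "dynamic/db.dragonsdawn.net";
        inline-signing yes; auto-dnssec maintain; };
    zone "example.test" IN { type master; file "dynamic/public/db.example.test";
        inline-signing yes; };
};
'''

TOKEN = re.compile(r'"[^"]*"|//[^\n]*|#[^\n]*|/\*.*?\*/|[{};]|[^\s{};"]+', re.S)

def signed_zone_files(conf):
    """Return (view, zone, file) for every inline-signed zone in conf."""
    stack, stmt, found = [], [], []   # stack holds (kind, name, options)
    for tok in TOKEN.findall(conf):
        if tok.startswith(('//', '#', '/*')):
            continue                                  # comment
        if tok not in ('{', '}', ';'):
            stmt.append(tok)                          # word of the current statement
            continue
        if tok == '{':                                # "<kind> <name> ... {"
            name = stmt[1].strip('"') if len(stmt) > 1 else ''
            stack.append((stmt[0] if stmt else '', name, {}))
        elif tok == ';' and stack and len(stmt) >= 2:
            stack[-1][2][stmt[0]] = stmt[1].strip('"')    # "option value;"
        elif tok == '}' and stack:
            kind, name, opts = stack.pop()
            if kind == 'zone' and opts.get('inline-signing') == 'yes' and 'file' in opts:
                view = next((n for k, n, _ in stack if k == 'view'), '_default')
                found.append((view, name, opts['file']))
        stmt = []
    return found

def shared_signed_files(conf):
    """Map each inline-signed zone file used by several views to those views."""
    users = defaultdict(set)
    for view, _zone, path in signed_zone_files(conf):
        users[path].add(view)
    return {p: sorted(v) for p, v in users.items() if len(v) > 1}
```

Each path returned stands for one `<file>.signed.jnl` journal that more than one view would maintain; for the sample it is `dynamic/db.dragonsdawn.net`, shared by `local_resolver` and `public`.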
