BIND rejecting key to update a zone
Michał Kępień
michal at isc.org
Mon Jun 11 07:19:37 UTC 2018
> Hi Michal, thanks for the reply and sorry for the delay on my end.
>
> I've started a fresh install here and started over and still having the
> same issue, even when I crank the debug trace up to 5, I'm not seeing
> anything additional in the logs:
>
> 08-Jun-2018 14:56:50.281 update-security: info: client
> 127.0.0.1#32983/key rpz-update: signer "rpz-update" denied
> 08-Jun-2018 14:56:50.281 update-security: error: client
> 127.0.0.1#32983/key rpz-update: update 'test.rpz/IN' denied
Ah, it seems I did not make myself clear enough, sorry. What I was
really hoping for is to see debug logs for the entire process of
handling the UPDATE query that is being denied, not just the last part
where the denial itself is being reported. These logs would probably
contain interesting bits that could help prove or disprove my Unicode
theory.
In any case, since you got the same, unexpected result after starting
over, this looks like a potential bug, but I am afraid I really need to
take a look at your full configuration to make any headway here,
otherwise this will mostly be an exercise in tasseography as it seems to
work as expected for me. Tracking this further as a GitLab issue makes
most sense to me. I assume that the configuration you are using is not
deployed in production, but if you nevertheless have any confidentiality
concerns, you can use "named-checkconf -px" to conceal your key secrets
and/or mark the GitLab issue as confidential. Also feel free to contact
me off-list if that suits you best.
Thanks,
--
Best regards,
Michał Kępień
More information about the bind-users
mailing list