Update DNSSEC Zone
John W. Blue
john.blue at rrcic.com
Mon May 10 02:34:57 UTC 2021
Hi Peter ..
How do you know your DNSSEC is working to begin with?
Here is a URL that I prefer to use that will help answer that question:
https://dnsviz.net/
What you are looking for is your to zone to be “secure”.
Since you are an experienced BIND admin .. any clues to be found in the logs? grep for “unsigned”.
One option that appears to be missing from your conf file is:
zone "supercoolzonehere.com" IN {
inline-signing yes;
};
Which would achieve the result that you described below wherein a record is added and “rndc reload” is executed.
Good hunting.
John
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Peter Fraser
Sent: Sunday, May 09, 2021 8:49 PM
To: bind-users at lists.isc.org
Subject: Update DNSSEC Zone
HI All,
I really would appreciate a pointer in the right direction. I took over a bind server recently. I am not new to bind. I have used it many times and honestly prefer it to windows dns but I have never worked with DNSSEC. I have been reading all day and I still can’t figure out how to update the DNSSEC zone. Can anyone assist me please? I did see one site that said I could just put in regular A record entries and run rndc reload and that would resign the zone. I tried that but it didn’t work.
I am using bind-9.14.x and here are the DNSSEC related entries in the zone.
auto-dnssec maintain;
update-policy local;
key-directory “zones/domain-keys”;
Best Regards,
SI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210510/a3a787fb/attachment-0001.htm>
More information about the bind-users
mailing list