Primary zone not fully maintained by BIND

Nick Tait nick at tait.net.nz
Fri May 27 08:27:01 UTC 2022


On 26/05/22 20:34, Matthijs Mekking wrote:
> What version are you using? We had a bug with dnssec-policy and views 
> (#2463), but that has been fixed.
>
> Since 9.16.18 you should not be able to set the same key-directory for 
> the same zone in different views. 

Hi Matthijs.

You got me worried just then because for several years I have been using 
a split DNS set-up, with the same zone defined in two different views 
which share a common keys directory. And then about a month ago I 
upgraded from 9.16.something to 9.18.1.

But I've managed to find the release note that I think you're referring 
to. From 
https://downloads.isc.org/isc/bind9/9.16.29/doc/arm/html/notes.html#id24 :

    Zones which are configured in multiple views, with different values
    set for dnssec-policy and with identical values set for
    key-directory, are now detected and treated as a configuration
    error. [GL #2463]
    <https://gitlab.isc.org/isc-projects/bind9/-/issues/2463>

So based on this it would seem that it is OK for two views to define the 
same DNSSEC zone and share the same keys directory, *as long as they are 
using the same dnssec-policy*?

Please advise if I've got that wrong?

Thanks,

Nick.
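
The condition in the release note quoted above can be sketched as a stand-alone check. This is an added example, not part of the original post and not BIND's own code; `named-checkconf` remains the authoritative check. It assumes `dnssec-policy` and `key-directory` are set directly in each zone statement (values inherited from `view` or `options` are not resolved), and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the post): two views, two shared zones.
SAMPLE_CONF = '''
view "internal" {
  zone "example.com" { type primary; dnssec-policy "default"; key-directory "keys/com"; };
  zone "example.org" { type primary; dnssec-policy "default"; key-directory "keys/org"; };
};
view "external" {
  zone "example.com" { type primary; dnssec-policy "default"; key-directory "keys/com"; };
  zone "example.org" { type primary; dnssec-policy "custom"; key-directory "keys/org"; };
};
'''

def block_end(text, start):
    """Return the index just past the '}' that closes the '{' at text[start]."""
    depth = 0
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return i + 1
    raise ValueError("unbalanced braces")

def blocks(text, keyword):
    """Yield (name, body) for every `keyword "name" ... { body }` statement."""
    for m in re.finditer(r'(?<![\w-])%s\s+"?([^\s"{]+)"?[^{;]*\{' % keyword, text):
        yield m.group(1), text[m.end():block_end(text, m.end() - 1) - 1]

def option(body, name):
    """Value of a simple `name value;` option set directly in the block."""
    m = re.search(r'(?<![\w-])%s\s+"?([^";]+?)"?\s*;' % re.escape(name), body)
    return m.group(1) if m else None

def find_conflicts(conf):
    """Zones in several views with the same key-directory but different dnssec-policy."""
    conf = re.sub(r'/\*.*?\*/|(//|#)[^\n]*', '', conf, flags=re.S)  # drop comments
    seen = defaultdict(list)  # zone name -> [(view, policy, key-directory)]
    for view, vbody in blocks(conf, "view"):
        for zone, zbody in blocks(vbody, "zone"):
            seen[zone.lower().rstrip('.')].append(
                (view, option(zbody, "dnssec-policy"), option(zbody, "key-directory")))
    return [(zone, v1, v2, d1)
            for zone, uses in seen.items()
            for i, (v1, p1, d1) in enumerate(uses)
            for v2, p2, d2 in uses[i + 1:]
            if d1 and d1 == d2 and p1 and p2 and p1 != p2]

if __name__ == "__main__":
    for zone, v1, v2, keydir in find_conflicts(SAMPLE_CONF):
        print(f"{zone}: views {v1!r} and {v2!r} share {keydir!r} with different policies")
```

In the sample, `example.com` shares a key directory across both views with the same policy and is not reported; `example.org` shares one with different policies and is.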