dnssec-policy syntax error in options but not in view

Matthijs Mekking matthijs at isc.org
Fri Aug 4 07:44:06 UTC 2023


What Mark said.

So that would become:

dnssec-policy "mydefault" {
     keys {
         csk key-directory lifetime unlimited algorithm ecdsa256;
     };
};

options {
     dnssec-policy "mydefault";
};


On 8/4/23 01:32, Mark Andrews wrote:
> You can’t define a policy there. You can tell named to use the policy. 
> Move the definition outside of options.
> 
> -- 
> Mark Andrews
> 
>> On 4 Aug 2023, at 08:26, E R <fasteddieinaustin at gmail.com> wrote:
>>
>> 
>> My understanding from the ARM is that the dnssec-policy can be in the 
>> "options", "view" or "zone".  I have mine in "view" and when I try to 
>> move into "options" I get a syntax error that I cannot seem to 
>> understand what is wrong.  I stripped out all other statements and 
>> reduced the dnssec-policy to just a handful of items to KISS and I 
>> still do not see why I get the error from named-checkconf.  I can 
>> move the block from under "options" to the "view" and it just works so 
>> I am not sure why named-checkconf thinks there is a missing 
>> semicolon?  Bind 9.16.23-RH.
>>
>> # named-checkconf 1.conf
>> 1.conf:3: missing ';' before '{'
>> 1.conf:3: '}' expected near '{'
>>
>> # cat 1.conf
>> options {
>>    dnssec-policy "mydefault" {
>>      keys {
>>          csk key-directory lifetime unlimited algorithm ecdsa256;
>>      };
>>    };
>>  };
>>
> 
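
A pre-flight lint for the mistake discussed in this thread, as an added example that is not part of the original messages or of BIND: it reports a `dnssec-policy` statement that carries a `{ ... }` body directly inside `options`, where only a reference to a policy is accepted. The function names, the `reference_only` parameter and the simplified tokenizer are assumptions of this example; `BAD` and `GOOD` are the two configurations quoted in the thread, and `named-checkconf` remains the authoritative check.

```python
import re

# Comments (dropped later), quoted strings, braces/semicolons, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    """Yield (token, line_number) pairs, skipping comments."""
    for m in TOKEN.finditer(text):
        tok = m.group(0)
        if not tok.startswith(("/*", "//", "#")):
            yield tok, text.count("\n", 0, m.start()) + 1

def misplaced_policy_definitions(text, reference_only=("options",)):
    """Return [(line, policy_name, block)] for every dnssec-policy definition
    (a statement with a { ... } body) sitting directly inside a block that
    only accepts a reference such as: dnssec-policy "mydefault";"""
    findings, stack, stmt = [], [], []   # stack = names of the open blocks
    for tok, line in tokenize(text):
        if tok == "{":
            head = stmt[0][0] if stmt else ""
            if head == "dnssec-policy" and stack and stack[-1] in reference_only:
                name = stmt[1][0].strip('"') if len(stmt) > 1 else ""
                findings.append((stmt[0][1], name, stack[-1]))
            stack.append(head)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            stmt = []
        else:
            stmt.append((tok, line))
    return findings

# The rejected 1.conf from the thread.
BAD = ('options {\n   dnssec-policy "mydefault" {\n     keys {\n'
       '         csk key-directory lifetime unlimited algorithm ecdsa256;\n'
       '     };\n   };\n };\n')
# The corrected layout from the reply: define at top level, reference in options.
GOOD = ('dnssec-policy "mydefault" {\n     keys {\n'
        '         csk key-directory lifetime unlimited algorithm ecdsa256;\n'
        '     };\n};\n\noptions {\n     dnssec-policy "mydefault";\n};\n')

if __name__ == "__main__":
    for label, conf in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, misplaced_policy_definitions(conf))
```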

