Re: dnssec-keymgr fails to apply policy

2019-06-23 Thread Lefteris Tsintjelis via bind-users
On 23/6/2019 20:28, Evan Hunt wrote: On Sun, Jun 23, 2019 at 05:01:11PM +, Evan Hunt wrote: It's a bug. I see the same result. Thanks for pointing it out, I'm looking into it. Ah, I see the problem. You overrode the default policy by using the name "default", but you didn't set a "coverage

Re: dnssec-keymgr fails to apply policy

2019-06-23 Thread Evan Hunt
On Sun, Jun 23, 2019 at 05:01:11PM +, Evan Hunt wrote: > It's a bug. I see the same result. Thanks for pointing it out, I'm > looking into it. Ah, I see the problem. You overrode the default policy by using the name "default", but you didn't set a "coverage" value in your new defaults, so it c

Re: dnssec-keymgr fails to apply policy

2019-06-23 Thread Evan Hunt
On Sun, Jun 23, 2019 at 03:48:21AM +0300, Lefteris Tsintjelis via bind-users wrote: > I always get this message: > > Unable to apply policy: example.com/ECDSAP256SHA256: unsupported operand > type(s) for +: 'float' and 'NoneType' > > Any ideas what this may be? It's a bug. I see the same resul

dnssec-keymgr fails to apply policy

2019-06-22 Thread Lefteris Tsintjelis via bind-users
I am using FreeBSD with bind v9.11.8. v9.11.6P1 also had the same problem. I am using ECDSAP256SHA256 for ZSK and KSK. I have made a very simple policy that I am trying to automate by using dnssec-keymgr in crontab. policy default { directory "/usr/local/etc/namedb

Re: dnssec-keymgr

2018-10-18 Thread CT
I have a working test box based on: http://bind-users-forum.2342410.n4.nabble.com/Automatic-Key-Management-td4317.html https://kb.isc.org/docs/aa-00711 It appears that the dnssec-keymgr will keep track of the ZSK keys but I will need to re-sign the zone on changes or weekly. Current zsk

dnssec-keymgr

2018-10-18 Thread CT
All. Not much on the subject other than a few posts. Didn't find anything in my last ARM search either. Thx CT

Re: dnssec-keymgr: Plans and usage?

2016-06-27 Thread Tony Finch
be wrapped using the -s option of > dnssec-keymgr to send a DS update via the registrar to the parent on > publications or removals of DNSKEYs from the zone. > > But are there any other concepts or thoughts like supporting hooks for > different phases in key rollovers? I would li

dnssec-keymgr: Plans and usage?

2016-06-25 Thread bind-users
Hi, lately I've discovered the new Python tool dnssec-keymgr included in the BIND 9.11 alpha release. I'm looking for simple tools to handle key rollovers unattended. And the lightweight dnssec-keymgr could be the right one. Are there any future plans or milestones out there (except for