Removed the signing files: domain.com.* and re-ran the signing process with
named not running.
With a new 'domain.com.signed' file created by the signing process and in
the named.conf zone section:
file "domain.com.signed";
Started named and everything appears to be working fine.
https://dnssec-deb
un "rndc zonestatus " on it.
> Then I look for the "serial:" and "signed serial:" values.
On Thu, Mar 29, 2018 at 5:17 PM, Douglas C. Stephens wrote:
> Kim,
>
> I run BIND 9.11 so this might or might not translate down to BIND 9.10.
>
> When this
Kim,
I run BIND 9.11 so this might or might not translate down to BIND 9.10.
When this happens to me, I run "rndc zonestatus " on it.
Then I look for the "serial:" and "signed serial:" values.
Normally, you would be correct in only needing to increm
Some additional info here, from named.conf, dnssec config:
options {
directory "/var/named";
[lines omitted]
dnssec-validation auto;
managed-keys-directory "/var/named/keys";
From the zone section;
file "domain.com.signed";
key-directory "/var/named/keys/domain.com";
aut
Graham Clinch wrote:
>
> However, the 'allow-update' stanza makes me wonder whether you're mixing
> dynamic updates with manual zonefile changes - I'm not sure whether
> inline-signing can support a mixture of dynamic and manual
> modifications.
It is generally true (with DNSSEC or without) that
> I configure bind to serve "example.com" domain with
>
> 1. dnssec-enable yes;
> 2. auto-dnssec maintain;
> 3. inline-signing yes;
> 4. allow-update{localhost;};
>
> Bind can do fully automatic dnssec signing on example.com but if I want to
> modify a record in example.co
Hi,
I configure bind to serve "example.com" domain with
1. dnssec-enable yes;
2. auto-dnssec maintain;
3. inline-signing yes;
4. allow-update{localhost;};
Bind can do fully automatic dnssec signing on example.com but if I want to
modify a record in example.com zone