Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #92
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!gegeweb.42!gegeweb.eu!nntpfeed.proxad.net!proxad.net!feeder1-2.proxad.net!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | "McConville, Kevin" <kmcconville@albany.edu> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | OT: Bind 9.9.0B1 Inline-Signing Question |
| Date | Thu, 10 Nov 2011 20:23:43 +0000 |
| Lines | 160 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.52.1320956683.68562.bind-users@lists.isc.org> (permalink) |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | multipart/alternative; boundary="_000_50332557F96B4E48BF3FD9B57AA82C220B8F9BCH1PRD0402MB120na_" |
| X-Trace | usenet.stanford.edu 1320956683 19484 149.20.64.75 (10 Nov 2011 20:24:43 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | "bind-users@lists.isc.org" <bind-users@lists.isc.org> |
| Return-Path | <kmcconville@albany.edu> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| X-SpamScore | -4 |
| X-BigFish | PS-4(zzc85fh4015Lzz1202hzz8275bh8275dhz2fh2a8h668h839h) |
| X-Forefront-Antispam-Report | CIP:207.46.198.81; KIP:(null); UIP:(null); IPVD:NLI; H:CH1PRD0402HT002.namprd04.prod.outlook.com; RD:none; EFVD:NLI |
| Received-SPF | pass (mail11-ch1: domain of albany.edu designates 207.46.198.81 as permitted sender) client-ip=207.46.198.81; envelope-from=kmcconville@albany.edu; helo=CH1PRD0402HT002.namprd04.prod.outlook.com ; .outlook.com ; |
| Thread-Topic | OT: Bind 9.9.0B1 Inline-Signing Question |
| Thread-Index | Acyf5qSB0tUmXgErSGOvUI+q3PSsDw== |
| Accept-Language | en-US |
| Content-Language | en-US |
| X-MS-Has-Attach | |
| X-MS-TNEF-Correlator | |
| x-originating-ip | [169.226.69.76] |
| X-OriginatorOrg | albany.edu |
| X-Spam-Status | No, score=-1.9 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE autolearn=ham version=3.3.1 |
| X-Spam-Checker-Version | SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| Xref | x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:92 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
I know that this isn't the forum for betas, which is why I put off-topic on the subject line. We are trying to implement DNSSEC for our static zones. While the dynamic signing has been automated, static inline-signing isn't available until Bind 9.9 We have been testing with the alphas and now with the beta. What we are seeing is that whenever named starts, it initially creates the signed static zone file, but never really finishes. The logging shows: 10-Nov-2011 14:38:14.766 general: error: zone xxxxxx.org/IN (signed): not loaded due to errors. 10-Nov-2011 14:38:14.766 general: info: zone localhost/IN: loaded serial 42 10-Nov-2011 14:38:14.767 general: notice: all zones loaded 10-Nov-2011 14:38:14.768 general: notice: running 10-Nov-2011 14:38:14.768 general: info: zone xxxxxx.org/IN (signed): loaded serial 2011110905 10-Nov-2011 14:38:14.768 notify: info: zone xxxxxx.org/IN /IN (signed): sending notifies (serial 2011110905) So, it doesn't load the zone due to errors, but then later claims to load the same zone file. Has anyone been able to get the inline-signing function to work? I've triple-checked my named.conf, ran named-checkzone, went to a vanilla zone file, and even tested the zone file as dynamic (which worked). Any ideas or suggestions of where to check next are greatly appreciated. Thanks, -Kevin Kevin McConville University at Albany
Back to comp.protocols.dns.bind | Previous | Next | Find similar
OT: Bind 9.9.0B1 Inline-Signing Question "McConville, Kevin" <kmcconville@albany.edu> - 2011-11-10 20:23 +0000
csiph-web