From: "McConville, Kevin"
Newsgroups: comp.protocols.dns.bind
Subject: OT: Bind 9.9.0B1 Inline-Signing Question
Date: Thu, 10 Nov 2011 20:23:43 +0000
To: "bind-users@lists.isc.org"
I know that this isn't the forum for betas, which is why I put off-topic on the subject line. We are trying to implement DNSSEC for our static zones. While the dynamic signing has been automated, static inline-signing isn't available until Bind 9.9.

We have been testing with the alphas and now with the beta. What we are seeing is that whenever named starts, it initially creates the signed static zone file, but never really finishes. The logging shows:

10-Nov-2011 14:38:14.766 general: error: zone xxxxxx.org/IN (signed): not loaded due to errors.
10-Nov-2011 14:38:14.766 general: info: zone localhost/IN: loaded serial 42
10-Nov-2011 14:38:14.767 general: notice: all zones loaded
10-Nov-2011 14:38:14.768 general: notice: running
10-Nov-2011 14:38:14.768 general: info: zone xxxxxx.org/IN (signed): loaded serial 2011110905
10-Nov-2011 14:38:14.768 notify: info: zone xxxxxx.org/IN /IN (signed): sending notifies (serial 2011110905)

So, it doesn't load the zone due to errors, but then later claims to load the same zone file.

Has anyone been able to get the inline-signing function to work? I've triple-checked my named.conf, ran named-checkzone, went to a vanilla zone file, and even tested the zone file as dynamic (which worked).

Any ideas or suggestions of where to check next are greatly appreciated.

Thanks,

-Kevin

Kevin McConville
University at Albany
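A triage helper for the symptom described in the post, added here as an example (it is not code from the poster or from BIND): it scans named log text in the format quoted above and reports each zone that is logged as "not loaded due to errors" and later as "loaded serial". The function name and output fields are assumptions; the sample input is the post's own log lines.

```python
import re
from datetime import datetime

# Sample input: the startup log lines quoted in the post above.
SAMPLE_LOG = """\
10-Nov-2011 14:38:14.766 general: error: zone xxxxxx.org/IN (signed): not loaded due to errors.
10-Nov-2011 14:38:14.766 general: info: zone localhost/IN: loaded serial 42
10-Nov-2011 14:38:14.767 general: notice: all zones loaded
10-Nov-2011 14:38:14.768 general: notice: running
10-Nov-2011 14:38:14.768 general: info: zone xxxxxx.org/IN (signed): loaded serial 2011110905
10-Nov-2011 14:38:14.768 notify: info: zone xxxxxx.org/IN /IN (signed): sending notifies (serial 2011110905)
"""

TS_FMT = "%d-%b-%Y %H:%M:%S.%f"
# timestamp, category, severity, then "zone NAME/CLASS[ (tag)]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[\w-]+): (?P<severity>\w+): "
    r"zone (?P<zone>\S+)/(?P<cls>\w+)(?: \((?P<variant>\w+)\))?: (?P<msg>.*)$"
)
LOADED_RE = re.compile(r"^loaded serial (\d+)")


def find_load_conflicts(log_text):
    """Return zones logged as 'not loaded due to errors' and later as loaded."""
    failed = {}     # (zone, class, variant) -> time of the load error
    conflicts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # non-zone lines, or zone lines that do not fit the pattern
        key = (m["zone"], m["cls"], m["variant"] or "")
        when = datetime.strptime(m["ts"], TS_FMT)
        loaded = LOADED_RE.match(m["msg"])
        if m["severity"] == "error" and "not loaded due to errors" in m["msg"]:
            failed[key] = when
        elif loaded and key in failed:
            gap = when - failed.pop(key)
            conflicts.append({
                "zone": f"{key[0]}/{key[1]}",
                "variant": key[2],          # tag in parentheses, as logged
                "serial": int(loaded.group(1)),
                "gap_ms": round(gap.total_seconds() * 1000),
            })
    return conflicts


if __name__ == "__main__":
    for conflict in find_load_conflicts(SAMPLE_LOG):
        print(conflict)
```
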
