Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #16004
| Path | csiph.com!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!feeder.usenetexpress.com!tr2.eu1.usenetexpress.com!news.uzoreto.com!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Josef Moellers <jmoellers@suse.de> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: /etc/bind.keys in a chrooted environment |
| Date | Wed, 22 Jul 2020 16:51:57 +0200 |
| Lines | 32 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.746.1595429488.942.bind-users@lists.isc.org> (permalink) |
| References | <0e03752f-9ce1-ff80-ee4b-14416e94cbde@suse.de> <41683619-f25c-29ff-f1b8-78bc8625858f@ripe.net> <d379bee3-e9e5-a9e8-49d9-b92a6bab34a3@suse.de> <295f1ecf-341a-fdc4-96d9-503776a411e7@ripe.net> <2193fa25-9b7c-6a01-ede7-e6d46676cd32@suse.de> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | usenet.stanford.edu 1595429526 1865 149.20.1.60 (22 Jul 2020 14:52:06 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | Anand Buddhdev <anandb@ripe.net>, bind-users@lists.isc.org |
| Return-Path | <jmoellers@suse.de> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| X-Virus-Scanned | by amavisd-new at test-mx.suse.de |
| Autocrypt | addr=jmoellers@suse.de; prefer-encrypt=mutual; keydata= xsFNBFZCOZIBEADO1jj3wmrKqK9Cek53m91rmD6X7YT3z9ejhc09DkR5WSItF87UdhrMAZqe 9EhAdYyuJX5Bwb43ZjVU4wg5O7A3aakc1Nsijt7ka1+siWyM7KLkWUG2pahyAldOh2WtnEgY HQjnXM/eq9RCDR5wh0fAFGLuzpTgeBs8IzvUnz7q33eUcwDYByzBQES0nk2tbsXsk1Fd/HGu z9rJOgDdwdZL0JMPfFEykgySVjGBFSdrDCSR1aGmWCS0SSTL+1FKhsFbUGM1+guv/Mw2JauT iaJkedUSFToCIZPny2dcaHm8LG8rFe/im0wpaPtdI3c2Tf1QUh0mWXAwSUEiH+tGabhuLNzA L49cVb4GuITUb2mI5XlmTFwV+TihDumJ+bgus7goDVqY94UGIq3kWa8SwRFqnE+1onfaRBAZ hcB+zy5y9lyWM5ZSPUkeiecfzG7PylFYUxUWsWrJKj587MwUj2Fe4SYi9OinakBWiMxSvp6n BO6YHjWk1sEALYHNRKElQWv75ddOwt020v3beZwnlZC/SNBf9znsgdWAUnnIHHOdJk9b7Lc1 FnBCqzg14659lqa96HKJKlUCiW6jBqV4b8+2Ou8IbCHq9lQhmlYL+dibIJ5lgxkjqZl4nFHI TTnjLntNdNVqxRKKJoVq2VVVg9Wve2WnYVjpUFqUpvrjAybeeQARAQABzTRKb3NlZiBNw7Zs bGVycyAoU3VTRSBMaW51eCBHbWJIKSA8am1vZWxsZXJzQHN1c2UuZGU+wsF3BBMBAgAhBQJX fgpsAhsDBgsJCAcDAgYVCAIJCgsDFgIBAh4BAheAAAoJEI6bsj2ds39FA/MQAL07dd604Dp1 gJsW8fKOku574PwdNhnLslXPfSf2QNmE6UCC8OH7hhPjeooz816B++PdSqHc+NpK3qAsSEv4 FdUWc3oj9Mw4EE3JPlBXUzh8iNF2LQAaSavvr9h4twDJFfVjAg7Vc3zlwHcVyW0Tl/uIyjYq 9oaTtaBC53OJ+dK1D26iJRs63jVCMGP7LSuCN1UBYvgXQ1v96RdppFKz2CjxV6XJIP62BZMs uz+W+OQ6m/8026032jDLJUy22Nmy1yjjZ2mYGuRTuOr1PFANEqZCV1DZNhCX/01OwXPWXV1S 4q76k9YPMIQt+w5iHOritQG+LlnlCBHkTDkV7oteSRe2gRILYkYckx5PUilDY7ynvil132ri SqzQdfNMjbOZ/eSJAlEdwbblQormXGDxEPPDIbsSa+NvBeXVtV1PnkY96ClC7yg0LPV+h9NP czusRgOD6yrVDnrS7nnsLrMm9+EMbj0x880HREWOxV5GxmC3Kniu+1EX3rmxVb1ryEDj8zKB fOi46KVuAdpJgBpTS7+IRgsPy5P6nrwyspNvbupqnXs6dSCFmJafZhg2271WS3d9JiqKVhef bo+aLxzo4y8H4VuUxTGlpuSp0sJbMhwSZiaTYM82UoxTpNbLqE7ZxpJHuWMJQ2r6ZAserpm/ K7Ul4OD+gxZyDJjn+sl4rfsmzsFNBFZCOZIBEADMafXvXbJbdL8Yacs/Nco7zWslxUx6qWm6 Qh2OXmApaLCkEc81ELzY4qzPItisMvgPGGDS6FTWS+tQTdKvSsT3vak5xnPP06K+hhZBuEDq ioR30UVyNh52Iu8xSJ2Uf1Y05wInjHx8a7u432E2wbhTaQyIP/dmXfnW7LXyR+RaVLl9HKgI aAZICfC7woTnJIA6o3cG+Ct9zgRMFd/VthIDEXmhZGXrHv/nmG36vcX0Uy5dVEauOCh2twTW NI10Ut7keZ/lPM+2qw4PUiYKj84U2r/V8wVzPpMt7JksXS2me498EXnjXGxjZfpS0YYCjnfC PGAdTxqBQhBZCIz2HfuAZ8OAp7t7BQgbJHPkEWUqdZBjhYglv7MJVPm1uDIHWu6X6QXUCgov ZmAVYvE6jZgsYNDWFUO2dRpqMnKg+6KSaisDdswsvEs0P9n+0cHzdb++j+jnH+3HY5a6787e Zwl8IIBy4loh7G18vR4nHYJsfGzkGIBWmq5aoq1SCSbiChpaNnS0Z9ZW81p/ny4yLyuPEguF ncPZDEHV15h0oyM6dWLA/zRJvTLtfIeXpPlYccceUp2gTAWWjYitjAqRTmuv2O0eJImxNWf6 rw5LrS2/wHuI6oEvDW0I1J40osLRiY6ehESOh/El/OxxQpO03yqEzrvMccsWwxcIhWZHrYSZ 3QARAQABwsFfBBgBAgAJBQJWQjmSAhsMAAoJEI6bsj2ds39F49gQAMJojFSCd6fglZNxjo5p G3dIiv4CkEYA6zt3rg1BtGuWRQVgUaUtXR2uuU0rJu7fqESq0XWM/FPB5H/9y6QiuADj0lvx 2OrbvFssvh+KEqmLF6QkrBHPv+IxjY2G74W8F+et2MpmQW3ZD33IbdJ1EP2hzDCuKtQs4G6F 36P/nMX1BqsgdLa6O9BC72Q9zJ5ETA0SEG0EfLAPXlkyxL2Kjih1zhhxr93V/Z+ukZIAjNi+ QAJzYAAxrZxtj1EjD+vrA+xm73fqtkGPgDNKHzDQoVL7LNf/vxmU9qaf/bnntGWPp4vKxJVI aw94lCGl/qtrkeG/Af99Wtczj1aPpIMwa4QOvvueawSvYMYovucIrwXXf57BxaupdjbR/vNK KPz8IlWVD/j/XFunE/7iURHBLg9T5Mf+M4/10bwcXYvtGrEI4sSVOSQ34/J4lsxws8E3Eons KQ4YGAdMTOptSRVoxYnkoP6XalVqLFMtStiaB3uzZ8Or7rpYwLpC3C1O3VwZxhMjStLwMYS1 XK6J9/LBjePden0V7yWf/LoNLkckr+dWFM1sNrvtzEEIaPyGBcWN1hcjZ4G5kRtQOGcT25hC GZlG7IYZZyyCqlDFPz46QyR6ThjBgvQT3ggoojWHNYtGrIgD5D2+zQBskSe/GpXjPahdeOSK 7kADtm+NISzmmhDK |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 |
| In-Reply-To | <295f1ecf-341a-fdc4-96d9-503776a411e7@ripe.net> |
| Content-Language | en-US |
| X-Spam-Status | No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2 |
| X-Spam-Checker-Version | SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <2193fa25-9b7c-6a01-ede7-e6d46676cd32@suse.de> |
| X-Mailman-Original-References | <0e03752f-9ce1-ff80-ee4b-14416e94cbde@suse.de> <41683619-f25c-29ff-f1b8-78bc8625858f@ripe.net> <d379bee3-e9e5-a9e8-49d9-b92a6bab34a3@suse.de> <295f1ecf-341a-fdc4-96d9-503776a411e7@ripe.net> |
| Xref | csiph.com comp.protocols.dns.bind:16004 |
Show key headers only | View raw
On 22.07.20 16:41, Anand Buddhdev wrote: > On 22/07/2020 15:30, Josef Moellers wrote: > >>> Or just ignore the warning, and let BIND use its built-in keys. >> >> If /etc/bind.keys contains some additional keys, this will not work ;-) > > Sure, but what additional keys do you expect this file to contain? Are > you serving an alternate signed root zone? I'm not really sure what the partner wants to add, I have the slight feeling that the remark about manually added keys was made by a third person assuming ... It turns out that it is mainly the warning the partner is irritade about. So, let me put the question the other way round: what would happen if we *always* copied /etc/bind.keys to the chroot environment? If there would be no harm, I could easily add that to eg /etc/init.d/named or the systemd service file. But the question now is: does it do any harm? Thanks, Josef -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nürnberg Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Felix Imendörffer
Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread
Re: /etc/bind.keys in a chrooted environment Josef Moellers <jmoellers@suse.de> - 2020-07-22 16:51 +0200
csiph-web