Sorry for the top box on Alan Clegg
On Monday 27 December 2010 at 08:48 -0500, Alan Clegg wrote:
> On 12/27/2010 1:07 AM, fakessh wrote:
>
> > good day and merry christmas.
>
> Thanks, and to you as well.
>
> > I just put in place guidelines in bind config to update the signatures
> > dnssec
> > I'm looking for options that require the least amount of maintenance that
> > all updates of signatures are performed without any external intervention
> >
> > i quote my named conf
> >
> > zone "fakessh.eu" {
> > type master;
> > file "/var/named/fakessh.eu.hosts";
> > auto-dnssec maintain;
> > update-policy local;
> > key-directory "/var/named/keyset-fakessh.eu";
> > allow-transfer { 213.251.188.140;87.98.164.164;
> > 195.234.42.1;94.23.59.30; };
> > };
> >
> > is what the guidelines are good options
>
> A bit more interesting is the command that you used to sign the zone.
> When signatures reach 3/4 lifetime, the associated record is
> automatically re-signed.
>
> Additionally, when new keys are made available signatures will be created
> based on the timing meta-data in the keys.
>
> Overall, the defaults seem to be "good enough" for nearly everyone.
>
> AlanC

Hello responsible bind community. You gave me the answer, thank you to my question, but I am having new problems. I encounter errors during the self re-signatures. I quote my multiple errors; I do not know what it is:

Dec 28 22:04:02 r13151 named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create: permission denied
Dec 28 22:04:02 r13151 named-sdb[24511]: zone nicolaspichot.fr/IN: zone_resigninc:dns_journal_open -> unexpected error
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/47103: file not found
Dec 28 22:04:02 r13151 named-sdb[24511]: zone r13151.ovh.net/IN: sending notifies (serial 2010111401)
Dec 28 22:04:02 r13151 named-sdb[24511]: zone renelacroute.fr/IN: zone_resigninc:dns_journal_open -> unexpected error
Dec 28 22:04:02 r13151 kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth0 SRC=94.23.60.214 DST=88.191.64.64 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=14118 PROTO=UDP SPT=41425 DPT=53 LEN=128
Dec 28 22:04:02 r13151 named-sdb[24511]: zone fakessh.eu/IN: setting keywarntime to 1294213060 - 7 days
Dec 28 22:04:03 r13151 kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth0 SRC=94.23.60.214 DST=88.191.64.64 LEN=148 TOS=0x00 PREC=0x00 TTL=64 ID=14119 PROTO=UDP SPT=35445 DPT=53 LEN=128
Dec 28 22:04:03 r13151 named-sdb[24511]: zone nicolaspichot.fr/IN: sending notifies (serial 2010120601)
Dec 28 22:04:03 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file nicolaspichot.fr/DSA/37015: file not found
Dec 28 22:04:03 r13151 named-sdb[24511]: /var/named/fakessh.eu.hosts.jnl: create: permission denied
Dec 28 22:04:03 r13151 named-sdb[24511]: zone fakessh.eu/IN: zone_resigninc:dns_journal_open -> unexpected error
Dec 28 22:04:03 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file nicolaspichot.fr/DSA/7246: file not found
Dec 28 22:04:03 r13151 named-sdb[24511]: zone renelacroute.fr/IN: sending notifies (serial 2010120601)
Dec 28 22:04:03 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
Dec 28 22:04:04 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/47103: file not found
Dec 28 22:04:04 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file renelacroute.fr/DSA/64823: file not found
Dec 28 22:04:04 r13151 named-sdb[24511]: /var/named/nicolaspichot.fr.hosts.jnl: create: permission denied
Dec 28 22:04:04 r13151 named-sdb[24511]: zone fakessh.eu/IN: zone_resigninc:dns_db_getsigningtime -> not found
Dec 28 22:04:04 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file renelacroute.fr/DSA/57237: file not found
Dec 28 22:04:04 r13151 named-sdb[24511]: zone nicolaspichot.fr/IN: zone_resigninc:dns_journal_open -> unexpected error
Dec 28 22:04:04 r13151 named-sdb[24511]: zone renelacroute.fr/IN: setting keywarntime to 1294212898 - 7 days
Dec 28 22:04:04 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file nicolaspichot.fr/DSA/37015: file not found
Dec 28 22:04:05 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file nicolaspichot.fr/DSA/7246: file not found
Dec 28 22:04:05 r13151 named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create: permission denied
Dec 28 22:04:05 r13151 named-sdb[24511]: zone nicolaspichot.fr/IN: zone_resigninc:dns_db_getsigningtime -> not found
Dec 28 22:04:05 r13151 named-sdb[24511]: zone renelacroute.fr/IN: zone_resigninc:dns_journal_open -> unexpected error

> > gpg --keyserver pgp.mit.edu --recv-key 092164A7
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
_______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
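
Added example, not part of the thread and not written by either poster: a small triage script that reduces the named log above to the two things the errors actually name, the journal files named could not create and the private key files it looked for. It assumes the usual dnssec-keygen file naming (K<zone>.+<alg>+<tag>.private) and that the logged mnemonic "DSA" is algorithm 3; the sample lines are copied from the log in the message.

```python
import re
from collections import defaultdict

# Sample input: four lines copied from the log quoted in the message above.
SAMPLE = """\
Dec 28 22:04:02 r13151 named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create: permission denied
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/47103: file not found
Dec 28 22:04:03 r13151 named-sdb[24511]: /var/named/fakessh.eu.hosts.jnl: create: permission denied
"""

# DNSSEC algorithm numbers (IANA registry) for mnemonics named may log.
# Assumption: the "DSA" in the log corresponds to algorithm 3.
ALG = {"DSA": 3, "RSASHA1": 5, "NSEC3DSA": 6, "NSEC3RSASHA1": 7,
       "RSASHA256": 8, "RSASHA512": 10}

JNL = re.compile(r"(\S+\.jnl): create: permission denied")
KEY = re.compile(r"error reading private key file ([^/\s]+)/(\w+)/(\d+): file not found")

def key_filename(zone, alg, tag):
    """File name of the private half: K<zone>.+<alg>+<tag>.private."""
    return "K%s.+%03d+%05d.private" % (zone.rstrip(".").lower(), ALG[alg], int(tag))

def triage(log_text):
    """Return (journals named could not create, {zone: key files not found})."""
    journals, keys = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = JNL.search(line)
        if m:
            journals.add(m.group(1))
            continue
        m = KEY.search(line)
        if m and m.group(2) in ALG:
            keys[m.group(1)].add(key_filename(*m.groups()))
    return sorted(journals), {z: sorted(f) for z, f in keys.items()}

if __name__ == "__main__":
    journals, keys = triage(SAMPLE)
    for path in journals:
        print("named could not create journal:", path)
    for zone, files in keys.items():
        for name in files:
            print("zone %s: named looked for %s" % (zone, name))
```

The journal paths show which directory the named user must be able to write to, and the key file names are what to look for (readable by that user) in each zone's key-directory.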

