I have opened up a Bug ticket with ISC on this - #26676, but I just wanted to
make sure that I'm not doing anything "wrong" that may be causing the issue.
Has anyone been able to get inline-signing to work on a static master zone
using an authoritative server?
When we manually change the Master static zone file - ualbanytest.org - the
signed and signed.jnl files are not getting an update - as shown by the
time/date stamps below (just using rndc reload).
-rw-rw-r-- 1 named root 1077 Nov 22 11:22 ualbanytest.org
-rw------- 1 named named 9415 Nov 22 11:14 ualbanytest.org.signed
-rw------- 1 named named 12041 Nov 22 11:02 ualbanytest.org.signed.jnl
The log shows the correct serial for the unsigned zone, but then pulls the
wrong signed file.
>>>>>>>
22-Nov-2011 11:25:28.314 general: info: received control channel command 'reload'
22-Nov-2011 11:25:28.314 general: info: loading configuration from '/etc/named.conf'
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv4 port range: [1024, 65535]
22-Nov-2011 11:25:28.315 general: info: using default UDP/IPv6 port range: [1024, 65535]
22-Nov-2011 11:25:28.316 general: info: sizing zone task pool based on 4 zones
22-Nov-2011 11:25:28.318 general: info: zone ualbanytest.org/IN (signed): (master) removed
22-Nov-2011 11:25:28.318 general: info: reloading configuration succeeded
22-Nov-2011 11:25:28.318 general: info: reloading zones succeeded
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (unsigned): loaded serial 2011112201
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): loaded serial 2011112114 (DNSSEC signed)
22-Nov-2011 11:25:28.320 general: notice: all zones loaded
22-Nov-2011 11:25:28.320 general: notice: running
22-Nov-2011 11:25:28.320 general: info: zone ualbanytest.org/IN (signed): reconfiguring zone keys
22-Nov-2011 11:25:28.321 general: info: zone ualbanytest.org/IN (signed): next key event: 22-Nov-2011 11:35:28.321
22-Nov-2011 11:25:28.321 notify: info: zone ualbanytest.org/IN (signed): sending notifies (serial 2011112114)
>>>>>>>
From Named.conf:
>>>>>>>>>>>>>>>>>>>>>>>>
options {
    directory "/conf";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    dump-file "/var/run/named.db";
    version "[secured]";
    dnssec-enable yes;
    sig-validity-interval 10;
    dnssec-loadkeys-interval 10;
    empty-zones-enable no;
};

# DNSSEC Zone
zone "ualbanytest.org" {
    type master;
    file "ualbanytest.org";
    auto-dnssec maintain;
    inline-signing yes;
    key-directory "/conf";
    serial-update-method increment;
};
>>>>>>>>>>>>>>>>>>>>>
Has anyone gotten this to work on an authoritative server (meaning that I am
missing something) or is it a "real" bug? I just don't want to be claiming it's
a "bug" if it's something that I messed up or fat fingered :)
Thank you all in advance.
Thanks,
-Kevin
Kevin McConville
University at Albany