What Mark said.
So that would become:
dnssec-policy "mydefault" {
keys {
csk key-directory lifetime unlimited algorithm ecdsa256;
};
};
options {
dnssec-policy "mydefault";
};
On 8/4/23 01:32, Mark Andrews wrote:
You can’t define a policy there. You can tell named to use the policy.
Move the definition outside of options.
--
Mark Andrews
On 4 Aug 2023, at 08:26, E R <fasteddieinaus...@gmail.com> wrote:
My understanding from the ARM is that the dnssec-policy can be in the
"options", "view" or "zone". I have mine in "view" and when I try to
move into "options" I get a syntax error that I cannot seem to
understand what is wrong. I stripped out all other statements and
reduced the dnssec-policy to just a handful of items to KISS and I
still do not see why why I get the error from named-checkconf. I can
move the block from under "options" to the "view" and it just works so
I am not sure why named-checkconf thinks there is a missing
semicolon? Bind 9.16.23-RH.
# named-checkconf 1.conf
1.conf:3: missing ';' before '{'
1.conf:3: '}' expected near '{'
# cat 1.conf
options {
dnssec-policy "mydefault" {
keys {
csk key-directory lifetime unlimited algorithm ecdsa256;
};
};
};
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/ for more
information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users