Re: native pkcs#11 and dynamic signing issues

2016-01-21 Thread Tony Finch
Arun N S wrote: > > but with dynamic signing the logs were showing > "dns_dnssec_findmatchingkeys: error reading key file > Kexample.com.+008+01234.private: no engine" > > any idea? Wild guess (I know nothing about PKCS#11): are you running chrooted, and if so is the relevant

Re: native pkcs#11 and dynamic signing issues

2016-01-21 Thread Arun N S
Thanks for the response. My understanding is that, when you use native pkcs#11 it is not dependent on the openssl engine. But yes the bind is chrooted. I tried to run it without chroot and still got the same issue. The private key reference file created by dnssec-keyfromlabel has the Engine

native pkcs#11 and dynamic signing issues

2016-01-21 Thread Arun N S
Running bind 9.10.3-7.P2, with softhsm-2.0.0rc1-3 on Fedora 23. I was able to sign the zones with dnssec-signzone-pkcs11 command line, # dnssec-signzone-pkcs11 example.com Verifying the zone using the following algorithms: RSASHA2. Zone fully signed: Algorithm: RSASHA2: KSKs: 1 active, 0

Overriding a single record with dynamic-dns

2016-01-21 Thread gnafou
Hello. I have a zone myzone.com where dynamic dns is active (dhcp updates continuously the dns). I need to respond differently for MX requests, such as: MX for "internal" queries is mxinternal.myzone.com; MX for "internet" queries is mxexternal.myzone.com. I cannot find out how

RE: Overriding a single record with dynamic-dns

2016-01-21 Thread Darcy Kevin (FCA)
Addition of an MX record to a dynamically-updated zone can be accomplished multiple ways, but I’d recommend using nsupdate. Responding differently to “internal” versus “external” queries implies views. But, the burning questions that need to be answered are: 1) do you need those DHCP-driven

Re: Overriding a single record with dynamic-dns

2016-01-21 Thread Phil Mayers
On 21/01/2016 18:41, Darcy Kevin (FCA) wrote: If the answer to both of those questions is “yes”, then I think you’re in for a bit of a challenge, since I don’t know that the DHCP server Agreed, this is hard. Personally I think views are almost always a mistake, but if OP has to do this, the