Arun N S wrote:
>
> but with dynamic signing the logs were showing
> "dns_dnssec_findmatchingkeys: error reading key file
> Kexample.com.+008+01234.private: no engine"
>
> any idea?

Wild guess (I know nothing about PKCS#11): are you running chrooted, and
if so is the relevant

Thanks for the response.
My understanding is that, when you use native pkcs#11 it is not dependent
on the openssl engine. But yes the bind is chrooted. I tried to run it
without chroot and still got the same issue. The private key reference file
created by dnssec-keyfromlabel has the Engine

Running bind 9.10.3-7.P2, with softhsm-2.0.0rc1-3 on Fedora 23.
I was able to sign the zones with dnssec-signzone-pkcs11 command line,
# dnssec-signzone-pkcs11 example.com
Verifying the zone using the following algorithms: RSASHA2.
Zone fully signed:
Algorithm: RSASHA2: KSKs: 1 active, 0

Hello
I have a zone myzone.com where dynamic dns is active ( dhcp updates
continuously the dns )
I need to respond differently for MX requests such as :
MX for "internal" queries is mxinternal.myzone.com MX for "internet"
queries is mxexternal.myzone.com
I cannot find out how

Addition of an MX record to a dynamically-updated zone can be accomplished
multiple ways, but I’d recommend using nsupdate.
Responding differently to “internal” versus “external” queries implies views.
But, the burning questions that need to be answered are:
1) do you need those DHCP-driven

On 21/01/2016 18:41, Darcy Kevin (FCA) wrote:
If the answer to both of those questions is “yes”, then I think you’re
in for a bit of a challenge, since I don’t know that the DHCP server

Agreed, this is hard.
Personally I think views are almost always a mistake, but if OP has to
do this, the