error when removing expired key files

2017-05-06 Thread Gordon Messmer
I'm working on a script that automatically renews DNS keys: https://bitbucket.org/gordonmessmer/update-dns-keys/src After new keys are introduced, and after the old key has expired, the old keys are removed (at job, lines 122 and 123). When the expired keys are removed from the filesystem, na

inline-signing a zone that exists in two views

2017-05-06 Thread Gordon Messmer
I have a zone that I'd like to serve in two different views, with dnssec in both views. However, this leads to a pair of error messages: named[858]: malformed transaction: dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 != transaction first serial 2017011477 named[858]:

Re: error when removing expired key files

2017-05-08 Thread Gordon Messmer
On 05/08/2017 03:22 AM, Tony Finch wrote: Gordon Messmer wrote: After new keys are introduced, and after the old key has expired, Wait right there! dnssec-settimes has two times that are usually relevant to the old key when rolling keys: the retire time and the delete time. (There's a

Re: inline-signing a zone that exists in two views

2017-05-08 Thread Gordon Messmer
On 05/08/2017 03:26 AM, Tony Finch wrote: Gordon Messmer wrote: I have a zone that I'd like to serve in two different views, with dnssec in both views. You can't have zones in different views (which are by implication different zones, or different versions of the same zone) point

Re: inline-signing a zone that exists in two views

2017-05-09 Thread Gordon Messmer
On 05/09/2017 03:15 AM, Tony Finch wrote: The classic solution is to make one view a slave of the other. Configure the slave zone with `masters { localhost key my-tsig; };` and configure the master view with `match-clients { key my-tsig; };`. OK, I think I've got this nailed down. I had to mo