Re: Non-disruptive migration to dnssec-policy possible?

2020-03-27 Thread Håkan Lindqvist via bind-users
On 2020-03-27 00:34, Shumon Huque wrote: In fact, "rndc zonestatus" reports the same for a very simple dnssec-policy test on a local zone I did: $ rndc zonestatus foo.test name: foo.test type: master files: zones/foo.test/zonefile serial: 100251 signed serial: 100257 nodes: 5 last loa

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Håkan Lindqvist via bind-users
On 2020-03-26 23:00, Mark Andrews wrote: dnssec-policy should be independent of inline-signing. If it isn’t then it is a bug. It's just that people like editing master files rather than using nsupdate to make changes. Ok, thank you for clarifying what should be expected. I guess that leaves the q

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-26 Thread Håkan Lindqvist via bind-users
little awkward? On that note, combining "dnssec-policy x" with "inline-signing no" does not seem to be handled gracefully. This makes me suspect that it's not an intended scenario, is that correct? /Håkan On 2020-03-25 16:57, Håkan Lindqvist via bind-users wrote: On 2

Re: Non-disruptive migration to dnssec-policy possible?

2020-03-25 Thread Håkan Lindqvist via bind-users
On 2020-03-25 14:03, Matthijs Mekking wrote: Existing keys do not have a .state file, and so named will try to match those keys with the policy by looking at the data in the .key and .private files. However, perhaps some metadata is different? If so the keys don't match the policy and named will

Non-disruptive migration to dnssec-policy possible?

2020-03-25 Thread Håkan Lindqvist via bind-users
Hello, I have seen essentially this same question/problem posed by others in other forums but never seen any proper answers to it. I have now tried this myself with BIND 9.16.1 and faced the exact same issue that I had previously read about. How does one migrate an already signed zone from "a