Re: inline-signing a zone that exists in two views

On Fri, May 19, 2017 at 8:56 AM, Matus UHLAR - fantomas wrote: > Gordon Messmer wrote: >>> > Is it considered best-practice (or just normal) for authoritative >>> > servers to just not use the local server for resolution? >>> >> > On Wed, May 10,

Re: inline-signing a zone that exists in two views

Gordon Messmer wrote: > Is it considered best-practice (or just normal) for authoritative > servers to just not use the local server for resolution? On Wed, May 10, 2017 at 5:56 AM, Tony Finch wrote: Mine don't :-) On 18.05.17 16:38, Bob Harold

Re: inline-signing a zone that exists in two views

On Wed, May 10, 2017 at 5:56 AM, Tony Finch wrote: > Gordon Messmer wrote: > ... > > > Is it considered best-practice (or just normal) for authoritative > > servers to just not use the local server for resolution? > > Mine don't :-) > > Tony. > > My

Re: inline-signing a zone that exists in two views

Gordon Messmer wrote: > > I'm happy that it's working, but it seems like it was fairly difficult to get > right. Am I doing an unusual thing? Yes, it is fiddly, and a relatively common problem - which is why in-view was introduced! > Is it considered best-practice (or

Re: inline-signing a zone that exists in two views

On 05/09/2017 03:15 AM, Tony Finch wrote: The classic solution is to make one view a slave of the other. Configure the slave zone with `masters { localhost key my-tsig; };` and configure the master view with `match-clients { key my-tsig; };`. OK, I think I've got this nailed down. I had to

Re: inline-signing a zone that exists in two views

Gordon Messmer wrote: > On 05/08/2017 03:26 AM, Tony Finch wrote: > > You can't have zones in different views (which sre by implication > > different zones, or different versions of the same zone) pointing to the > > same files on disk, because updates to one version

Re: inline-signing a zone that exists in two views

On 05/08/2017 03:26 AM, Tony Finch wrote: Gordon Messmer wrote: I have a zone that I'd like to serve in two different views, with dnssec in both views. You can't have zones in different views (which sre by implication different zones, or different versions of the

Re: inline-signing a zone that exists in two views

Gordon Messmer wrote: > I have a zone that I'd like to serve in two different views, with dnssec in > both views. You can't have zones in different views (which sre by implication different zones, or different versions of the same zone) pointing to the same files on

inline-signing a zone that exists in two views

I have a zone that I'd like to serve in two different views, with dnssec in both views. However, this leads to a pair of error messages: named[858]: malformed transaction: dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 != transaction first serial 2017011477