Re: root zone initial key in bind.keys

2011-02-24 Thread Florian Weimer
* Kevin Oberman: If anyone is out there who wants to be using ISC DLV but does not want to use the root key, comment the root key out of bind.keys. I would really hope that the set described above is an empty set. It's not. We know because there is a zone availability issue in BIND 9.6-ESV

root zone initial key in bind.keys

2011-02-23 Thread Matus UHLAR - fantomas
Hello, after downloading and unpacking bind9.7.3, there's bind.keys file that contains this comment: # This file also contains a copy of the trust anchor for the DNS root zone # (.). However, named does not use it; it is provided here for # informational purposes only. To switch on DNSSEC

Re: root zone initial key in bind.keys

2011-02-23 Thread Evan Hunt
# This file also contains a copy of the trust anchor for the DNS root zone # (.). However, named does not use it; it is provided here for # informational purposes only. To switch on DNSSEC validation at the # root, the root key below can be copied into named.conf. Does this still apply?

Re: root zone initial key in bind.keys

2011-02-23 Thread Chris Thompson
On Feb 23 2011, Matus UHLAR - fantomas wrote: Hello, after downloading and unpacking bind9.7.3, there's bind.keys file that contains this comment: # This file also contains a copy of the trust anchor for the DNS root zone # (.). However, named does not use it; it is provided here for #

Re: root zone initial key in bind.keys

2011-02-23 Thread Chris Thompson
On Feb 23 2011, Evan Hunt wrote: # This file also contains a copy of the trust anchor for the DNS root zone # (.). However, named does not use it; it is provided here for # informational purposes only. To switch on DNSSEC validation at the # root, the root key below can be copied into

Re: root zone initial key in bind.keys

2011-02-23 Thread Evan Hunt
That may have been the intent, but I can assure you that it isn't what actually happens! Whoops. You're right, and it's a bug. The keys aren't read without dnssec-lookaside auto being turned on, but if it is, then both keys are loaded. This works correctly in 9.8, but a little piece of code

Re: root zone initial key in bind.keys

2011-02-23 Thread Kevin Oberman
Date: Wed, 23 Feb 2011 17:32:44 + From: Evan Hunt e...@isc.org Sender: bind-users-bounces+oberman=es@lists.isc.org That may have been the intent, but I can assure you that it isn't what actually happens! Whoops. You're right, and it's a bug. The keys aren't read without