* Kevin Oberman:
If anyone is out there who wants to be using ISC DLV but does not want to
use the root key, comment the root key out of bind.keys.
I would really hoe that the set described above is an empty set.
It's not. We know because there is a zone availability issue in BIND
9.6-ESV
Hello,
after downloading and unpacking bind9.7.3, there's bind.keys file that
contains this comment:
# This file also contains a copy of the trust anchor for the DNS root zone
# (.). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC
# This file also contains a copy of the trust anchor for the DNS root zone
# (.). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into named.conf.
Does this still apply?
On Feb 23 2011, Matus UHLAR - fantomas wrote:
Hello,
after downloading and unpacking bind9.7.3, there's bind.keys file that
contains this comment:
# This file also contains a copy of the trust anchor for the DNS root zone
# (.). However, named does not use it; it is provided here for
#
On Feb 23 2011, Evan Hunt wrote:
# This file also contains a copy of the trust anchor for the DNS root zone
# (.). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into
That may have been the intent, but I can assure you that it isn't what
actually happens!
Whoops. You're right, and it's a bug. The keys aren't read without
dnssec-lookaside auto being turned on, but if it is, then both keys are
loaded. This works correctly in 9.8, but a little piece of code
Date: Wed, 23 Feb 2011 17:32:44 +
From: Evan Hunt e...@isc.org
Sender: bind-users-bounces+oberman=es@lists.isc.org
That may have been the intent, but I can assure you that it isn't what
actually happens!
Whoops. You're right, and it's a bug. The keys aren't read without
7 matches
Mail list logo
