Module Name: src
Committed By: christos
Date: Thu Apr 25 20:28:06 UTC 2013
Modified Files:
src/etc: named.conf
Log Message:
- read the root keys from our file
- explain what happens if we get clock skew
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/etc/named.conf
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/etc/named.conf
diff -u src/etc/named.conf:1.6 src/etc/named.conf:1.7
--- src/etc/named.conf:1.6 Tue Aug 24 09:18:58 2010
+++ src/etc/named.conf Thu Apr 25 16:28:05 2013
@@ -1,14 +1,20 @@
-# $NetBSD: named.conf,v 1.6 2010/08/24 13:18:58 christos Exp $
+# $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $
# boot file for secondary name server
# Note that there should be one primary entry for each SOA record.
+# If you cannot get DNSSEC to work, and you see the following message:
+# DNSKEY: verify failed due to bad signature (keyid=19036): \
+# RRSIG validity period has not begun
+# Fix your clock. You can comment out the dnssec entries temporarily to
+# get to an ntp server.
options {
directory "/etc/namedb";
dnssec-enable yes;
- dnssec-validation yes;
+ dnssec-validation auto;
dnssec-lookaside auto;
managed-keys-directory "keys";
+ bindkeys-file "bind.keys";
allow-recursion { localhost; localnets; };
#
