I know that this isn't the forum for betas, which is why I put off-topic on the subject line. We are trying to implement DNSSEC for our static zones. While the dynamic signing has been automated, static inline-signing isn't available until Bind 9.9
We have been testing with the alphas and now with the beta. What we are seeing is that whenever named starts, it initially creates the signed static zone file, but never really finishes. The logging shows: 10-Nov-2011 14:38:14.766 general: error: zone xxxxxx.org/IN (signed): not loaded due to errors. 10-Nov-2011 14:38:14.766 general: info: zone localhost/IN: loaded serial 42 10-Nov-2011 14:38:14.767 general: notice: all zones loaded 10-Nov-2011 14:38:14.768 general: notice: running 10-Nov-2011 14:38:14.768 general: info: zone xxxxxx.org/IN (signed): loaded serial 2011110905 10-Nov-2011 14:38:14.768 notify: info: zone xxxxxx.org/IN /IN (signed): sending notifies (serial 2011110905) So, it doesn't load the zone due to errors, but then later claims to load the same zone file. Has anyone been able to get the inline-signing function to work? I've triple-checked my named.conf, ran named-checkzone, went to a vanilla zone file, and even tested the zone file as dynamic (which worked). Any ideas or suggestions of where to check next are greatly appreciated. Thanks, -Kevin Kevin McConville University at Albany
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
