i'm seeing unexpected behavior that seems to be related to using dnssec and
having a view defined for the chaos class.
named complains:
01-Dec-2011 22:47:34.712 general: info: managed-keys-zone ./IN/default: loaded
serial 11
01-Dec-2011 22:47:34.712 general: error: managed-keys-zone ./CH/chaos: loading
from master file
/etc/bind/keys/managed/5d5bddb577102d0a960bcf6fea9050c10fe5e9feddcb5c2170ccab872db9ee87.mkeys
failed: file not found
01-Dec-2011 22:47:34.712 general: info: managed-keys-zone ./CH/chaos: loaded
serial 0
01-Dec-2011 22:47:34.716 general: notice: running
if i remove the view, named doesn't complain. why is named trying to do dnssec
stuff for objects in the chaos class? that was the surprising bit. a few
details below.
thanks
-ben
>named -V
BIND 9.8.1 built with '--prefix=/usr' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var'
'--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared'
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE
-O2'
using OpenSSL version: OpenSSL 1.0.0e 6 Sep 2011
using libxml2 version: 2.7.8
>named-checkconf -p
options {
bindkeys-file "/etc/bind/keys/dnssec/bind.keys";
blackhole {
"bogon";
};
directory "/var/cache/bind";
dump-file "/var/log/named/named.dump";
interface-interval 0;
managed-keys-directory "/etc/bind/keys/managed";
memstatistics-file "/var/log/named/named.memstats";
recursing-file "/var/log/named/named.recursing";
statistics-file "/var/log/named/named.stats";
allow-query-cache {
"loopback";
"physical_interfaces";
};
allow-query-cache-on {
"loopback";
"physical_interfaces";
};
allow-recursion {
"loopback";
"physical_interfaces";
};
allow-recursion-on {
"loopback";
"physical_interfaces";
};
dnssec-lookaside auto;
dnssec-validation auto;
minimal-responses yes;
allow-query {
"any";
};
allow-query-on {
"loopback";
"physical_interfaces";
};
allow-transfer {
"loopback";
"physical_interfaces";
"slaves";
};
notify no;
zone-statistics yes;
};
view "default" in {
match-clients {
"any";
};
};
view "chaos" chaos {
match-clients {
"any";
};
zone "." {
type hint;
file "/dev/null";
};
zone "bind" {
type master;
file "/srv/dns/zones/system/db.bind";
};
zone "server" {
type master;
file "/srv/dns/zones/system/db.server";
};
allow-query-cache {
"none";
};
allow-query-cache-on {
"none";
};
allow-recursion {
"none";
};
allow-recursion-on {
"none";
};
dnssec-enable no;
dnssec-validation no;
allow-query {
"loopback";
"physical_interfaces";
};
allow-query-on {
"loopback";
"physical_interfaces";
};
allow-transfer {
"none";
};
};
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
