inline-signing a zone that exists in two views

Gordon Messmer Sat, 06 May 2017 15:11:48 -0700

I have a zone that I'd like to serve in two different views, with dnssecin both views. However, this leads to a pair of error messages:


   named[858]: malformed transaction:
   dynamic/db.dragonsdawn.net.signed.jnl last serial 2017011485 !=
   transaction first serial 2017011477
   named[858]: zone dragonsdawn.net/IN/local_resolver (signed):
   zone_resigninc:dns_journal_write_transaction -> unexpected error

Is it possible to serve a second view, using the keys that aremaintained in the primary view? This might be mostly for curiosity'ssake, since the value of signed responses is reasonably low for "local"clients.



view local_resolver {
...
        zone "dragonsdawn.net" IN {
                type master;
                file "dynamic/db.dragonsdawn.net";
                update-policy local;
                key-directory "keys/dragonsdawn.net";
                inline-signing yes;
                auto-dnssec allow;
        };
};

view public {
        recursion no;
...
        zone "dragonsdawn.net" IN {
                type master;
                file "dynamic/db.dragonsdawn.net";
                update-policy local;
                key-directory "keys/dragonsdawn.net";
                inline-signing yes;
                auto-dnssec maintain;
        };
};

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

inline-signing a zone that exists in two views

Reply via email to