Hi again. So finally I was able to sign my zone thanks to a different (older) tutorial. I specified dnssec-signzone with flags -o and -S and it worked!
If anyone could please answer these questions, I would appreciate it:

1) Do I need to generate those 2 .key and .private files if I intend to sign my several reverse zones? - I think so.
2) What happens if I need to change a record in my zone.signed file? Do I need to sign it again? Please remember my BIND version is 9.8.2, so I have no automatic mechanisms.

Thank you very much!

------------------------- Original Message -------------------------
Subject: dnssec-signzone
From: "David Alexandre M. de Carvalho" <[email protected]>
Date: Mon, April 6, 2020 4:05 pm
To: [email protected]
--------------------------------------------------------------------

Hi all.

So I'm still fighting with DNSSEC in BIND 9.8.2 (Oracle Linux 6). Unfortunately there is no automatic signing before BIND 9.9, from what I read.

I can't sign my zone; I keep getting "dnssec-signzone: fatal: No signing keys specified or found."

By now I've tried to move the files generated with dnssec-keygen, but with no success. I'm using bind-chroot and created a temp folder /var/named/my_keys. Here, I've created the 2 .key and .private files. Since dnssec-signzone couldn't find the keys (even specifying -k or -K), I've copied them to /etc/pki/dnssec-keys and run the command, with the same result.

Now I've copied all the key and private files to /var/named/chroot/var/named, where my zone file exists (di.hosts). Running from there, I also get "dnssec-signzone: fatal: No signing keys specified or found." I changed the owner and group to "named", and they are both readable.

Could anyone please tell me what I am doing wrong? Also, do I need to generate those 2 .key and .private files if I intend to sign my several reverse zones?

Thank you very much!

Regards
Best regards

David Alexandre M. de Carvalho
---------------------------------------
IT Specialist
Departamento de Informática
Universidade da Beira Interior

