Well, you didn’t say which version of ARM did you follow. Your ARM needs to match the BIND 9 version - you need to ask RH for the matching ARM.
And of course, if you find discrepancies between the BIND 9 version as provided by ISC and matching ARM as provided by ISC, we would be happy to fix it. And I need to mention that ISC provides packages for RHEL and generally recommends that user use latest upstream version of the BIND 9. Ondřej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 24. 7. 2023, at 20:15, E R <fasteddieinaus...@gmail.com> wrote: > > > As if DNSSec is not confusing enough...It seems the ARM manual that matches > my release is out of step with the web site. I followed the "Easy-Start > Guide for Signing Authoritative Zones" in the ARM manual after manually > signing my test zone for my starting point. The ARM says you ONLY need to > specify "dnssec-policy default;" in your zone, view or options clause for the > newer way to sign things. I completed the steps successfully (except for one > command that no longer works as shown in the manual which is not important). > I cannot find anything broken with BIND 9.16.23-RH (Extended Support Version) > when I follow the ARM manual. > > This document https://kb.isc.org/docs/dnssec-key-and-signing-policy says I > need to have dynamic zone for things to work. Don't need or design anything > other than a good ole static zone since an entry is changed like 3-4 times > per year. The newest ARM has a new section that mentions needing to setup > Dynamic DNS but it also states that BIND previously used implicit > inline-signing. It is really difficult for a casual observer to sort this > out. No reference to what they mean by "previously". > > Did they break builds newer than 9.16.23 and that is why I am not seeing any > issues? Or is it the fact that I am not an DNSSEC expert I am not seeing a > glaring issue? > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
