Hi Mark
Heureka..., that did the trick. The zone is inline signed and after I
added the already existing DNSKEY records in the raw zone file, the
CDS/CDNSKEY deletion record was accepted and the zone was loaded.
Many thanks.
Kind regards,
Tom
On 21.02.20 21:08, Mark Andrews wrote:
> There are n
There are no DNSKEY records in that zone. CDS and CDNSKEY must be signed for
the
parent to accept them. There must be DNSKEY records present for them to be
signed.
Add a DNSKEY record to that test zone and it will load.
For inline zone just copy the final DNSKEY RRset from the signed version o
Hi Mark
Thank you for your answer. BIND is definitely running the current version:
$ rndc status
version: BIND 9.16.0 (Stable Release) ()
running on server: Linux x86_64 3.10.0-1062.4.3.el7.x86_64 #1 SMP Wed
Nov 13 23:58:53 UTC 2019
boot time: Thu, 20 Feb 2020 16:30:15 GMT
last configured: Th
Tom,
I would run ‘rndc status’ or ‘dig ch txt version.bind @server’ and confirm
that you have restarted named with the new code. I’ve had hundreds of 'bug
reports’ about non fixed bugs that where operators failing to restart named
after
installing the new version. The new code is in 9.16.0,
Hi Tom,
> On 20 Feb 2020, at 17:42, Tom wrote:
>
> Hi
>
> With 9.16.0, the CDS deletion
> (https://gitlab.isc.org/isc-projects/bind9/issues/1554) is still not working
> and is ending with the same error as bind-versions before:
>
> 20-Feb-2020 17:31:25.381 general: error: zone example.com/IN
Hi
With 9.16.0, the CDS deletion
(https://gitlab.isc.org/isc-projects/bind9/issues/1554) is still not
working and is ending with the same error as bind-versions before:
20-Feb-2020 17:31:25.381 general: error: zone example.com/IN (unsigned):
CDS/CDNSKEY consistency checks failed
20-Feb-2020
Open a ticket saying “CDS/CDNSKEY not handled when performing constancy
checks”.
--
Mark Andrews
> On 11 Jan 2020, at 07:52, Tom wrote:
>
> Hi list
>
> Using BIND 9.14.9 or BIND 9.14.8 and a zonefile with cds-deletion record:
> @ IN CDS 0 0 0 00
>
> The zon
Hi list
Using BIND 9.14.9 or BIND 9.14.8 and a zonefile with cds-deletion record:
@ IN CDS 0 0 0 00
The zone does not load with the following error:
10-Jan-2020 21:35:47.075 general: error: zone example.com/IN (unsigned):
CDS/CDNSKEY consistency checks failed
10-Jan-2020 21:35:47.076 zoneload
> BIND 9.14.8 (Stable Release)
> When I start the server, I get such a prompt. Are there any parameters I
> [can] turn off? After all, not all servers implement DNSSEC
>
> 09-Dec-2019 16:17:46.497 dnssec: warning: managed-keys-zone: Unable to
> fetch DNSKEY set '.': t
Am 09.12.19 um 09:24 schrieb Champion Xie:
> BIND 9.14.8 (Stable Release)
> When I start the server, I get such a prompt. Are there any parameters I
> 9turn off? After all, not all servers implement DNSSEC
what about
dnssec-enable no;
dnssec-validation no;
> 09-De
hi all
BIND 9.14.8 (Stable Release)
When I start the server, I get such a prompt. Are there any parameters I
9turn off? After all, not all servers implement DNSSEC
09-Dec-2019 16:17:46.497 dnssec: warning: managed-keys-zone: Unable to
fetch DNSKEY set '.': timed out
--
Be
Hi, all
When I use chroot, on the contrary this prompt message will cause confusion
to the user
Or you can specify the use of chroot in the compilation parameters, and
then prompt for the default path according to the chroot path
*BIND 9.14.8* (Stable Release)
running on Linux x86_64 3.10.0-957
12 matches
Mail list logo
