Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

Evan Hunt Sun, 18 Jul 2010 10:01:58 -0700

> Is there a way of using dnssec-lookaside and forcing bind not to
> maintain a managed-keys-zone for certain views?


Sure, just do it the old way, without "dnssec-lookaside auto".
Put these in the view statement:

        dnssec-lookaside . trust-anchor dlv.isc.org;

        trusted-keys {
                dlv.isc.org. 257 3 5 
"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 
brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 
1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 
ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk 
Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM 
QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh";
        };

(Except, you know, get the key text from a secure channel or from the
signed bind9 distribution, not from email...)

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dnssec-lookaside auto and managed-keys-zone problem with certain views

Reply via email to