Hi all, I tried the example from page 23 with a local zone, a trusted key and inline-signing, like: --- trusted-keys { "example.com." 257 3 5 "AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe 8ebpRn+R2YT/WPJPnwww1pEaA0DIUjntlqp6qBaaCpsN3FxeiY2zA02R usDYpxqJZk/VLZ7EcOHvHRc2Ifz/tKl/vanSyHQ6R2ClLr+ksRtV8N8f k9dqBP/xPXELAfzISwsmlXQ4fz8UzpjeDpDk2oX07v1qQCkfy17FDGJP vR5MLl1v+4S/sinXpmHDxVfbhZ1W4K9MeOh+1juZtGTY6c3WyWOKzrzT pMhikbuYoeM="; }; --- and --- zone "example.com" IN { type master; file "master/signed/example.com/example.com.zone"; update-policy local; key-directory "master/signed/example.com/"; auto-dnssec maintain; inline-signing yes; allow-query { any; }; }; --- But I'm getting no ad-flag: --- root# dig DNSKEY +dnssec example.com.
; <<>> DiG 9.9.0rc1 <<>> DNSKEY +dnssec example.com. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22049 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;example.com. IN DNSKEY ;; ANSWER SECTION: example.com. 86400 IN DNSKEY 256 3 5 AwEAAbOJTICgDlvkj+ck/K6nYBhRaLxzlgD0fiFrIzC/d9X3abRTIIXH MCrmxJLrdXjlb7s/zUl+9AaRpwF3+QjXXQh+uD5QCVB9iRJ+EWPxE1M6 5B6UL2XLrtYCUtxb2t+RHT0A5hHEBBqsExcxViydx4oIJ6Rd5dvLin7K 7l6ZU/Bf example.com. 86400 IN DNSKEY 257 3 5 AwEAAd5l859ggW8ZpVAQxEmugl+N/klWH+kFpcoQYGd3ngB6381lva2E IUXa2iOxJPmvYut96zUqhprlUfuEBvhU21Dd8dv7rr3Q5a+UT5XA9fUe 8ebpRn+R2YT/WPJPnwww1pEaA0DIUjntlqp6qBaaCpsN3FxeiY2zA02R usDYpxqJZk/VLZ7EcOHvHRc2Ifz/tKl/vanSyHQ6R2ClLr+ksRtV8N8f k9dqBP/xPXELAfzISwsmlXQ4fz8UzpjeDpDk2oX07v1qQCkfy17FDGJP vR5MLl1v+4S/sinXpmHDxVfbhZ1W4K9MeOh+1juZtGTY6c3WyWOKzrzT pMhikbuYoeM= example.com. 86400 IN RRSIG DNSKEY 5 2 86400 20120216202248 20120117192248 9765 example.com. FQSI+1SKjNuGtbNobrXIXAfKZGDrq6MWjq3O1FdMocSoLlhybTV9S98y ELPXTGg65Wfh6A0O2ebrbIGp5cJd3ncXbdGc9nkAgOh6LRqfuvzfqDnq fmUPRn7Ze8XyTHq4fhpBhe6cuNrLWn/Zw4C/8OUMDiQr75IIbsWUZnpJ qGo= example.com. 86400 IN RRSIG DNSKEY 5 2 86400 20120216202248 20120117192248 56641 example.com. DM48WcSycwGSmtmD70xCxM6fNGVxZFLtXJK9ZEH/BU0wwAwTz8eeUtHa B0Vvh4ioEOgw24bdKl3oyqk/HkG530BWwTVoRp3HzmZkdgUoFY8JEb/A CqW9NFb+H1OGTgGtnCgrI3Fc2U9f7MaQpqkt3AzYBGYtFYtDEVDzLYcf UL3Eyv3MB4F3e5NqVrSymZhpcDkqfFh7uWUTGfU06ImJ7SZVdz0JHEQ2 pcyKbS5jRrpH7yoATyyC/PzEnXIBWXSNwiveNWI2eDvC6stZa0BY5H4Z YJro2oRUozV67EtRlDryLqc4mgX0aOSr0mQHaUG2GzTc77fbiMoKRoH6 +tq1vw== --- What am I doing wrong? Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users