> When I run a BIND with "auto-dnssec maintain" and "inline-signing
> yes", if I create no key, there is no error message and, worse, the
> log file says the zone is signed:

Thanks for pointing this out.  It's not really an error, but the log
should certainly be clearer about what's going on.

An inline-signing zone is represented internally as *two* zone objects, one
to hold the original unsigned data, and the other the signed.  These zones
are differentiated in the log file by the labels "(unsigned)" and
"(signed)", regardless of whether signing has in fact taken place yet.

A zone that is to be signed, but can't find a key to sign with, simply
waits quietly until a key is provided.  Presumably you're planning to
create the keys and run "rndc loadkeys" later.  We ought to be logging
this condition, but it's not an error.

If you report this to bind9-b...@isc.org we'll address it.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
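
A check for the condition described in this reply, added here as an example (it is not part of the original message and is not ISC code): it counts key pairs for the zone and confirms the served SOA actually carries an RRSIG instead of relying on the "(signed)" log label. The function names, `example.com`, and the sample dig output are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: verify that an inline-signing zone is really signed, rather
# than trusting the "(signed)" log label. Names and samples are constructed.

# Constructed `dig +dnssec +noall +answer <zone> SOA` output, before/after keys.
SAMPLE_UNSIGNED='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 900 604800 3600'
SAMPLE_SIGNED="$SAMPLE_UNSIGNED
example.com. 3600 IN RRSIG SOA 8 2 3600 20130201000000 20130101000000 12345 example.com. Y29uc3RydWN0ZWQ="

# Count complete key pairs for a zone. dnssec-keygen names its files
# K<zone>.+<alg>+<keyid>.key and .private; a lone .key is not counted.
count_zone_keys() {
    local dir="$1" zone="${2%.}" n=0 f
    for f in "$dir"/K"$zone".+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9].key; do
        if [ -e "$f" ] && [ -e "${f%.key}.private" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Read dig answer lines on stdin; succeed only if an RRSIG covering the
# given type exists at the zone apex (owner name compared case-insensitively).
answer_is_signed() {
    local zone="${1%.}." type="$2"
    awk -v z="$zone" -v t="$type" '
        tolower($1) == tolower(z) && $4 == "RRSIG" && $5 == t { found = 1 }
        END { exit !found }'
}

# Live check against a server: check_zone <server> <zone> <keydir>
check_zone() {
    local server="$1" zone="$2" keydir="$3"
    if [ "$(count_zone_keys "$keydir" "$zone")" -eq 0 ]; then
        echo "$zone: no key pairs in $keydir; create keys, then: rndc loadkeys $zone"
    fi
    if dig +dnssec +norec +noall +answer @"$server" "$zone" SOA |
            answer_is_signed "$zone" SOA; then
        echo "$zone: SOA carries an RRSIG, zone is signed"
    else
        echo "$zone: no RRSIG on SOA, zone is not signed yet"
        return 1
    fi
}
```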