@lbutlr <[email protected]> wrote:
>
> Nope, now the .signed file isn’t touched at all after the zone file is edited.
>
> zone "example.com" {
> type master;
> file "master/example.com.signed";
> update-policy local;
> auto-dnssec maintain;
> };
It sounds to me like you are expecting it to work in inline-signing mode,
but you have not configured it that way. With the configuration above,
`named` will never read or write to the unsigned zone.
You might want a config like
zone "example.com" {
type master;
file "master/example.com";
update-policy local;
auto-dnssec maintain;
inline-signing yes;
};
Alternatively, with your current config you can update the zone using
https://dotat.at/prog/nsdiff/ like this:
nsdiff example.com master/example.com | nsupdate -l
Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Portland, Plymouth, Biscay, East Fitzroy: Southeasterly 4 or 5, occasionally 6
in Plymouth and Fitzroy, becoming variable 3 or 4 later. Moderate or rough,
occasionally very rough except in Portland. Fair, but rain in Fitzroy. Good,
occasionally poor._______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
