On Thu, Apr 13, 2023 at 11:38:15AM +0100, David Carvalho wrote: > Problem number 1: Dnssec seems to be running on "di.ubi.pt", but > dnssec-validation still needs to be set to no; Will this cause troubles? > Dns2 is set to auto and runs fine.
>From here, di.ubt.pt appears to be properly signed and everything's working from here. Turning off validation won't have any affect on that. Your only problem is with local recursive service. > Problem number 2: How can I avoid the key regeneration (using version > 9.16.23) every named restart? I'm not certain what you mean by key regeneration. Taking a stab in the dark: Check that the working directory for named is writable. If named can't write files, then it can't save trust anchor status across restarts and it has to reinitialize each time. If that doesn't turn out to be the problem, then can show me the relevant lines from your log file so I can see what you're referring to by "key regeneration"? -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users