Capabilities and limitations of catalog zones

2022-02-08 Thread John Thurston 
Are we not able to use catalog zones to propagate zone-configuration for 
anything other than 'master' zones? I've been playing with catalog zones 
in the lab, and am stuck.


I have defined a catalog zone on my primary, with a zone file that looks 
like:



$TTL 300
@ IN SOA @ hostmaster.ak.gov. ( 123 60 60 432000 60 )
  IN NS invalid.
version IN TXT "2"

e6db03231540bd80933ff1e504e3f43dbdb8f0cd.zones IN PTR ak.gov.
eb1a9a3baa50b96663357a8fe204983748769ed9.zones IN PTR localhost.


I have defined a secondary and told it to consume from the primary. In 
the logs, I can see the XFR requests, and the transfer of the zone 
'localhost' completes as expected. The zone "ak.gov' does not.


The difference between them is 'localhost' is defined on the primary 
like so:



 zone "localhost" {
 type master;
 file "db.localhost";
 };


while 'ak.gov' is defined on the primary like so:


zone "ak.gov" {type forward;forward only;forwarders
   { 10..11.12.13; };
};






--
--
Do things because you should, not just because you can.

John Thurston907-465-8591
john.thurs...@alaska.gov
Department of Administration
State of Alaska
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

dnssec: ds showing hidden 3+ days after key roll

2022-02-08 Thread Larry Rosenman 

Greetings,
new poster.  I just converted over to DNSSEC-policy,  and rolled my 
KSK.  I see:

key: 269 (RSASHA256), KSK
  published:  yes - since Sun Feb  6 14:31:32 2022
  key signing:yes - since Sun Feb  6 14:31:32 2022

  No rollover scheduled
  - goal:   omnipresent
  - dnskey: omnipresent
  - ds: hidden
  - key rrsig:  omnipresent


ler in thebighonker in namedb on  master [!] as 慄
❯

Is it normal to see the ds as hidden?  It IS published, and I told rndc 
that.


Any insight appreciated.

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: l...@lerctr.org
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users