Hello - Is it possible to enable inline signing of a zone in 2 different views with 2 different keys?
I have the following config: view "external" { match-clients { 1.1.1.1; }; zone "test.com." { type master; file "external.test.com."; allow-update { localhost; }; key-directory "/config/external.keys"; auto-dnssec maintain; inline-signing yes; }; }; view "internal" { match-clients { any; }; zone "test.com." { type master; file "internal.test.com."; allow-update { localhost; }; key-directory "/config/internal.keys"; auto-dnssec maintain; inline-signing yes; }; }; When I run bind I get these errors: 11-Apr-2014 10:35:30.414 dns_dnssec_findzonekeys2: error reading private key file test.com/RSASHA1/49440: file not found 11-Apr-2014 10:35:30.415 dns_dnssec_findzonekeys2: error reading private key file test.com/RSASHA1/6124: file not found 11-Apr-2014 10:35:30.435 zone test.com/IN/external (signed): reconfiguring zone keys 11-Apr-2014 10:35:30.436 zone test.com/IN/internal (signed): reconfiguring zone keys 11-Apr-2014 10:35:30.436 dns_dnssec_keylistfromrdataset: error reading private key file test.com/RSASHA1/49440: file not found 11-Apr-2014 10:35:30.437 dns_dnssec_keylistfromrdataset: error reading private key file test.com/RSASHA1/6124: file not found Is what I am trying to do not possible, or do I have a config error? I created the key files using dnssec-keygen test.com dnssec-keygen -fk test.com In the 2 different directorys. All permissions and file owner ship is correct. It works properly if I only have one (either of them) of these zones configured for auto signing, so I believe the key files are ok. The man page and tutorials that I have found do not address multiple views. Thank you _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users