Hello -

Is it possible to enable inline signing of a zone in 2 different views with 2 
different keys?

I have the following config: 

view "external" {
    match-clients {
        1.1.1.1;
    };
    zone "test.com." {
        type master;
        file "external.test.com.";
        allow-update {
            localhost;
        };
        key-directory "/config/external.keys";
        auto-dnssec maintain;
        inline-signing yes;
    };
};
view "internal" {
    match-clients {
        any;
    };
    zone "test.com." {
        type master;
        file "internal.test.com.";
        allow-update {
            localhost;
        };
        key-directory "/config/internal.keys";
        auto-dnssec maintain;
        inline-signing yes;
    };
};

When I run bind I get these errors:
11-Apr-2014 10:35:30.414 dns_dnssec_findzonekeys2: error reading private key 
file test.com/RSASHA1/49440: file not found
11-Apr-2014 10:35:30.415 dns_dnssec_findzonekeys2: error reading private key 
file test.com/RSASHA1/6124: file not found
11-Apr-2014 10:35:30.435 zone test.com/IN/external (signed): reconfiguring zone 
keys
11-Apr-2014 10:35:30.436 zone test.com/IN/internal (signed): reconfiguring zone 
keys
11-Apr-2014 10:35:30.436 dns_dnssec_keylistfromrdataset: error reading private 
key file test.com/RSASHA1/49440: file not found
11-Apr-2014 10:35:30.437 dns_dnssec_keylistfromrdataset: error reading private 
key file test.com/RSASHA1/6124: file not found


Is what I am trying to do not possible, or do I have a config error?

I created the key files using 
dnssec-keygen test.com
dnssec-keygen -fk test.com

In the 2 different directories.
All permissions and file ownership are correct.

It works properly if I only have one (either of them) of these zones configured 
for auto signing,
so I believe the key files are ok.

The man page and tutorials that I have found do not address multiple views.
Thank you
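
A diagnostic for the errors quoted above, as an added example that is not part of the original post: it pulls the zone, algorithm and key tag out of each "file not found" message and reports which key directory holds the matching .private file. The function names are this example's own, the directory list is taken from the posted config, and the K<zone>.+<alg>+<tag>.private pattern is the file naming dnssec-keygen uses.

```python
import re
from pathlib import Path

# Algorithm mnemonics as named logs them -> numbers used in key file names.
ALG_NUMBERS = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8,
               "RSASHA512": 10, "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14}

KEY_ERROR = re.compile(
    r"error reading private key file (\S+)/(\w+)/(\d+): file not found")

# Log lines copied from the post, including the mail client's line wrapping.
SAMPLE_LOG = """\
11-Apr-2014 10:35:30.414 dns_dnssec_findzonekeys2: error reading private key
file test.com/RSASHA1/49440: file not found
11-Apr-2014 10:35:30.415 dns_dnssec_findzonekeys2: error reading private key
file test.com/RSASHA1/6124: file not found
11-Apr-2014 10:35:30.436 dns_dnssec_keylistfromrdataset: error reading private
key file test.com/RSASHA1/49440: file not found
"""

# key-directory values from the two views in the posted config.
KEY_DIRS = ["/config/external.keys", "/config/internal.keys"]

def missing_keys(log_text):
    """Return sorted, de-duplicated (zone, algorithm, tag) tuples from the log."""
    flat = re.sub(r"\s*\n\s*", " ", log_text)  # undo wrapped lines first
    return sorted({(z, a, int(t)) for z, a, t in KEY_ERROR.findall(flat)})

def private_key_name(zone, alg, tag):
    """Build the private key file name for a zone/algorithm/tag triple."""
    return f"K{zone.rstrip('.')}.+{ALG_NUMBERS[alg]:03d}+{tag:05d}.private"

def locate(log_text, key_dirs):
    """Map each key named in an error to the directories that contain it."""
    result = {}
    for zone, alg, tag in missing_keys(log_text):
        name = private_key_name(zone, alg, tag)
        result[(zone, alg, tag)] = [d for d in key_dirs
                                    if (Path(d) / name).is_file()]
    return result

if __name__ == "__main__":
    for key, dirs in locate(SAMPLE_LOG, KEY_DIRS).items():
        print(key, "->", dirs or "not found in any key-directory")
```

A key that turns up in only one of the two directories shows which view's key set the failing lookup was searching for.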
