Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Evan Hunt
On Fri, Sep 07, 2018 at 06:15:59PM +0200, Mark Elkins wrote: > I kinda also wonder why the command simply doesn't output to stdout by > default. The *only* reason I've ever run the command "rndc secroots" is > to look at the output, that is, checking for the correct DNSKEY > root-anchors - which I

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Mark Elkins
I'm aware of: rndc managed-keys status I'm also aware of: rndc secroots - (a hyphen at the end of "rndc secroots" will send output to stdout) I'm just not sure how long the 'hyphen' argument has been around for but vaguely remember a similar discussion from long ago. It looks like someone else

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Tony Finch
Mark Elkins wrote: > I kinda also wonder why the command simply doesn't output to stdout by > default. Historical reasons :-) BIND 9.11 and later have `rndc managed-keys` which is rather more user-friendly. I get the impression that the root rollover guides are using `rndc secroots` because

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Mark Elkins
permissive=0 >>> >>> >>> I left all of the permissions the same and I think they should be lenient >>> enough: >>> [root@ns3 named]# ls -lh named.secroots >>> -rw-rw-rw-. 1 named named 0 Sep 6 13:52 named.secroots >>> >>>

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Petr Mensik
3 named]# ls -lh named.secroots >> -rw-rw-rw-. 1 named named 0 Sep 6 13:52 named.secroots >> >> >> >> >> -Original Message- >> From: Hugo Salgado-Hernández [mailto:hsalg...@nic.cl] >> Sent: Thursday, September 06, 2018 3:39 PM >> To: Bren

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Petr Mensik
Hi, also a few notes to it. On 7.9.2018 at 04:05, Brent Swingle wrote: > This matter has been resolved with input from Evan. I was able to add a file > path for secroots to the named.conf file and push the output file to a temp > directory that was not permission restricted. > >

Re: [BIND] RE: KSK Rollover

2018-09-07 Thread Mark Elkins
permissions the same and I think they should be lenient > enough: > [root@ns3 named]# ls -lh named.secroots > -rw-rw-rw-. 1 named named 0 Sep 6 13:52 named.secroots > > > > > -Original Message- > From: Hugo Salgado-Hernández [mailto:hsalg...@nic.cl] > Sent: T

RE: [BIND] RE: KSK Rollover

2018-09-06 Thread Browne, Stuart via bind-users
ssive=0' so it suggests a SELinux-enforcing environment. Stuart From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Brent Swingle Sent: Friday, 7 September 2018 12:05 PM To: bind-users@lists.isc.org Subject: Re: [BIND] RE: KSK Rollover This matter has been resolved with in

Re: [BIND] RE: KSK Rollover

2018-09-06 Thread Brent Swingle
This matter has been resolved with input from Evan. I was able to add a file path for secroots to the named.conf file and push the output file to a temp directory that was not permission restricted. secroots-file "/tmp/named.secroots" ; Ultimately when I ran "rndc secroots" it created the

RE: [BIND] RE: KSK Rollover

2018-09-06 Thread Carl Byington
On Thu, 2018-09-06 at 20:58 +, Brent Swingle wrote: > I left all of the permissions the same and I think they should be > lenient enough: > [root@ns3 named]# ls -lh named.secroots > -rw-rw-rw-. 1 named named 0 Sep 6 13:52 named.secroots Does

RE: [BIND] RE: KSK Rollover

2018-09-06 Thread Brent Swingle
named named 0 Sep 6 13:52 named.secroots -Original Message- From: Hugo Salgado-Hernández [mailto:hsalg...@nic.cl] Sent: Thursday, September 06, 2018 3:39 PM To: Brent Swingle Cc: Evan Hunt ; bind-users@lists.isc.org Subject: Re: [BIND] RE: KSK Rollover Hi Brent. In our CentOS box, the

Re: [BIND] RE: KSK Rollover

2018-09-06 Thread Hugo Salgado-Hernández
Hi Brent. In our CentOS box, the named.secroots file is written on /var/named/ You should check permissions there too. Hugo On 20:32 06/09, Brent Swingle wrote: > Evan, > > I ran the command and followed the directions to build out rndc as you have > suggested. However, I am not sure that