Dear list,
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views? Or allowing it to start
up if the files are missing for some views? I have within my named.conf
this view, designed to hide bind.version and so forth from the world at
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views?
Sure, just do it the old way, without dnssec-lookaside auto.
Put these in the view statement:
dnssec-lookaside . trust-anchor dlv.isc.org;
trusted-keys {
On 18/07/2010 17:58:15, Evan Hunt wrote:
Is there a way of using dnssec-lookaside and forcing bind not to
maintain a managed-keys-zone for certain views?
Sure, just do it the old way, without dnssec-lookaside auto.
Put these in the view statement:
dnssec-lookaside . trust-anchor
On Sun, Jul 18, 2010 at 3:28 PM, Matthew Seaman
m.sea...@infracaninophile.co.uk wrote:
Think I'll just drop the external-chaos view. Some script kiddie
working out I'm running the latest version of bind is likely to be lower
risk and a lot less harmful than dealing with broken dnssec chains of
On 07/18/10 12:28, Matthew Seaman wrote:
Think I'll just drop the external-chaos view. Some script kiddie
working out I'm running the latest version of bind is likely to be lower
risk and a lot less harmful than dealing with broken dnssec chains of trust.
I agree, and to take it one step
Well, it's a better workaround than what I have been doing, but not
having the RFC 5011 behaviour is quite a disappointment. Now I have
presentiments of disaster should the DLV key have to be rolled for
whatever reason.
Sorry, I misunderstood your question--I thought you wanted to know how