Hi Mark
Heureka..., that did the trick. The zone is inline signed and after I
added the already existing DNSKEY records in the raw zone file, the
CDS/CDNSKEY deletion record was accepted and the zone was loaded.
Many thanks.
Kind regards,
Tom
On 21.02.20 21:08, Mark Andrews wrote:
> There are
There are no DNSKEY records in that zone. CDS and CDNSKEY must be signed for
the
parent to accept them. There must be DNSKEY records present for them to be
signed.
Add a DNSKEY record to that test zone and it will load.
For inline zone just copy the final DNSKEY RRset from the signed version
Hi Mark
Thank you for your answer. BIND is definitely running the current version:
$ rndc status
version: BIND 9.16.0 (Stable Release) ()
running on server: Linux x86_64 3.10.0-1062.4.3.el7.x86_64 #1 SMP Wed
Nov 13 23:58:53 UTC 2019
boot time: Thu, 20 Feb 2020 16:30:15 GMT
last configured:
Tom,
I would run ‘rndc status’ or ‘dig ch txt version.bind @server’ and confirm
that you have restarted named with the new code. I’ve had hundreds of 'bug
reports’ about non fixed bugs that where operators failing to restart named
after
installing the new version. The new code is in
Hi Tom,
> On 20 Feb 2020, at 17:42, Tom wrote:
>
> Hi
>
> With 9.16.0, the CDS deletion
> (https://gitlab.isc.org/isc-projects/bind9/issues/1554) is still not working
> and is ending with the same error as bind-versions before:
>
> 20-Feb-2020 17:31:25.381 general: error: zone
Hi
With 9.16.0, the CDS deletion
(https://gitlab.isc.org/isc-projects/bind9/issues/1554) is still not
working and is ending with the same error as bind-versions before:
20-Feb-2020 17:31:25.381 general: error: zone example.com/IN (unsigned):
CDS/CDNSKEY consistency checks failed
20-Feb-2020
Open a ticket saying “CDS/CDNSKEY not handled when performing constancy
checks”.
--
Mark Andrews
> On 11 Jan 2020, at 07:52, Tom wrote:
>
> Hi list
>
> Using BIND 9.14.9 or BIND 9.14.8 and a zonefile with cds-deletion record:
> @ IN CDS 0 0 0 00
>
> The zone does not load with the
7 matches
Mail list logo
