trouble with dnssec signed zone on secondary.
Måns Nilsson
mansaxel at sunet.se
Thu Jan 6 11:28:42 UTC 2005
--On torsdag 6 januari 2005 09.51 +0100 Ted Lindgreen <ted at NLnetLabs.nl>
wrote:
> [Quoting =?ISO-8859-1?Q?M=E5ns_Nilsson?=, on Jan 6, 2:13, in "trouble
> with dnssec ..."] ...
>> This is only somewhat related to nsd, but someone else must have hit
>> it.=20 I am having trouble AXFRing a signed zone -- named-xfer v.latest
>> does not recognise the file format and writes a zone file that zonec
>> barfs on.=20
>
> Yes, this is a known problem of BIND-8.
>
> There is a fix (appended) to prevent the BIND-8 named-xfer writing
> out a zonefile with syntax errors, but this will still not produce
> the correct DNSSEC zonefile, because BIND-8 does not understand the
> special handling of the DS.
>
> We have an NSD version of named-xfer, but it is not yet released (it
> will soon be after quality assurance checks).
Thanks for the confirmation of my suspicions,
Regards,
--
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC
MN1334-RIPE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20050106/af0620e2/attachment.bin>
More information about the nsd-users
mailing list