Date:      Wed, 26 Sep 2001 16:54:31 -0400
From:      Vivek Khera <khera@kcilink.com>
To:        stable@freebsd.org, bind-users@isc.org
Subject:   BIND 8.2.4-REL in FreeBSD 4.4 broke my DNSSEC
Message-ID:  <15282.16519.937665.189852@onceler.kciLink.com>

I had been running 4.3-STABLE from about June on my primary DNS
server, and had BIND 8.2.3-REL on it (I forget if I updated it or it
was already that version when I installed FreeBSD).

Anyhow, my DNSSEC configuration is now failing with these errors:

/etc/namedb/named.conf:23: unknown key 'kci-yertle'
/etc/namedb/named.conf:23: empty key not added to server list 
/etc/namedb/named.conf:51: unknown key 'vortex-kci'
/etc/namedb/named.conf:51: empty key not added to server list 

Does anyone know anything about this?  I see in the CHANGES file these
entries:

1186.   [bug]           DNSSEC key ids were computed incorrectly.
1156.   [bug]           don't use a known bogus key name.

I don't see anything in the docs that indicates a syntax change.

Again, this worked just fine with 8.2.3-REL and prior.  The BIND users
mailing list archive shows nothing related to these errors, and I
don't recall seeing anything like this on the freebsd lists.

My config is like this:

key kci-yertle. {
        algorithm hmac-md5;
        secret "my-secret-is-here";
};

server 216.194.193.105 {
        keys { kci-yertle.; };
};

For kicks, I tried generating a new key using the dnskeygen program,
but that also gave the same types of errors.

Any help would be appreciated.
