Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Sep 2001 18:05:27 +1000
From:      Mark.Andrews@isc.org
To:        Vivek Khera <khera@kcilink.com>
Cc:        stable@freebsd.org, bind-users@isc.org
Subject:   Re: BIND 8.2.4-REL in FreeBSD 4.4 broke my DNSSEC 
Message-ID:  <200109280805.f8S85Rr03084@drugs.dv.isc.org>
In-Reply-To: Your message of "Wed, 26 Sep 2001 16:54:31 -0400." <15282.16519.937665.189852@onceler.kciLink.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

> I had been running 4.3-STABLE from about June on my primary DNS
> server, and had BIND 8.2.3-REL on it (I forget if I updated it or it
> was already that version when I installed FreeBSD).
> 
> Anyhow, my DNSSEC configuration is now failing with these errors:
> 
> /etc/namedb/named.conf:23: unknown key 'kci-yertle'
> /etc/namedb/named.conf:23: empty key not added to server list 
> /etc/namedb/named.conf:51: unknown key 'vortex-kci'
> /etc/namedb/named.conf:51: empty key not added to server list 
> 
> Does anyonw know anything about this?  I see in the CHANGES file these
> entries:
> 
> 1186.   [bug]           DNSSEC key ids were computed incorrectly.
> 1156.   [bug]           don't use a known bogus key name.
> 
> I don't see anything in the docs that indicate syntax change.
> 
> Again, this worked just fine with 8.2.3-REL and prior.  The BIND users
> mailing list archive shows nothing related to these errors, and I
> don't recall seeing anything like this on the freebsd lists.
> 
> My config is like this:
> 
> key kci-yertle. {
>         algorithm hmac-md5;
        secret "my-secret-is-here";
> };
> 
> server 216.194.193.105 {
>         keys { kci-yertle.; };
> };

	Are you sure that you have these clauses in this order and not
	the reverse order.  Keys have to be defined before they used.

> 
> For kicks, I tried generating a new key using the dnskeygen progam,
> but that also gave the same types of errors.
> 
> Any help would be appreciated.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200109280805.f8S85Rr03084>