LeBlanc, Daniel James
2019-03-13 18:52:38 UTC
Hello.
I am having difficulty configuring DNSSEC local trust anchors in ISC BIND 9.12.3-P1. In the process of troubleshooting I turned to delv and discovered that for some reason my trusted-keys are not being loaded (if I point delv at the bind.keys file it loads fine so perhaps there is some problem with my trusted-keys file content).
I am executing the following delv command...
sudo /var/named/bin/delv @<DNS IP> -a /var/named/keys/trythese.keys -b127.0.0.1 ansible.test.dnsview.newdomain.bell.ca +rtrace +multiline +mtrace +vtrace
...and getting this result:
/var/named/bin/delv: No trusted keys were loaded
The version of delv matches the ISC BIND install:
sudo /var/named/bin/delv -v
delv 9.12.3-P1
The contents of my trusted keys file are as follows (stripped down to a single entry during troubleshooting):
trusted-keys {
newdomain.bell.ca. 257 3 8 "AwEAAd9q59Nu3HxkmzM2J8dTPNlrKnTVfGYWIloa----------------<censored>---------------fEueTW2UXeypkiOlJm0dZ6hxptx66ZbEMNVP27I1bUN9o+KDe9dK27fYmpS50c=";
};
Note that I am configuring this for the first time so may not have the configuration exactly right. Any thoughts on what might be the problem?
Thanks!
Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Network Architect | Bell Canada
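
A check for an anchor file like the one in this message, added here as an example and not part of the original post or of BIND: the delv manual states that keys read with -a that do not match the root zone name are ignored unless another anchor name is given with +root=NAME. The script lists the owner names in a trusted-keys or managed-keys block and tests for a match; the function names, the zone example.test and the key data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list the owner names of the
# keys in a BIND trust-anchor file and test whether one matches the anchor
# name delv validates from ("." unless +root=NAME is given).

# Print one normalised owner name per key entry in a trusted-keys or
# managed-keys block. Continuation lines of a multi-line key are skipped.
anchor_names() {
    awk '
        /^[ \t]*(trusted|managed)-keys[ \t]*[{]/ { inblk = 1; next }
        /^[ \t]*[}];/                            { inblk = 0; next }
        inblk && NF >= 5 && $2 ~ /^([0-9]+|initial-key)$/ {
            name = tolower($1); gsub(/"/, "", name)
            if (name !~ /[.]$/) name = name "."
            print name
        }' "$1"
}

# Lower-case a domain name and make sure it ends in a dot.
fqdn() {
    case "$1" in
        *.) printf '%s\n' "$1" ;;
        *)  printf '%s.\n' "$1" ;;
    esac | tr 'A-Z' 'a-z'
}

# check_anchor FILE [NAME]: exit 0 if FILE has a key whose owner is NAME.
check_anchor() {
    anchor_names "$1" | grep -Fqx -- "$(fqdn "${2:-.}")"
}

# Constructed sample with the same shape as the file in the post; the zone
# name and key data are placeholders, not real values.
write_sample() {
    cat > "$1" <<'EOF'
trusted-keys {
    example.test. 257 3 8 "AwEAAcONSTRUCTEDplaceholderKEYdata=";
};
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_anchor "$sample"              || echo "no key for '.' in file (delv default anchor name)"
check_anchor "$sample" example.test && echo "key for example.test. found (select it with +root=example.test)"
rm -f "$sample"
```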