| Summary: | Troubles with DNSSEC and bindkeys-file directive | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Milan Kerslager <milan.kerslager> |
| Component: | bind | Assignee: | Tomáš Hozza <thozza> |
| Status: | CLOSED NOTABUG | QA Contact: | qe-baseos-daemons |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.9 | ||
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-01 08:46:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Hi. I'm not sure what do you mean by "suggested configuration". However as you've stated, the default BIND configuration includes the root DNSKEY file and therefore there is nothing to fix. Closing as NOTABUG |
I was trying to verify DNSSEC on RHEL 6 server and it does not work with suggested configuration in /etc/named.conf: options { ... dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;" bindkeys-file "/etc/named.iscdlv.key"; } The configuration above does not return "ad" flag by: dig +dnssec www.nic.cz However, I found that using the include directive (outside of options) works, so it looks like: options { ... dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;" bindkeys-file "/etc/named.iscdlv.key"; } include "/etc/named.root.key"; This report is only for FYI, not meant as real bugreport. The proper include directive is in default configuration file of RHEL6 too.