Keeping DNSSEC KSKs offline with BIND9Setting up new domainbind9 DNS Ubuntu names pingible on server, but not on Windows Machines?Pushing DNSSEC updates with offline keysDNS BIND on CENTOS 6.3 and domain nameserversHow to DNSSEC Sign Bind9 Reverse ZoneBIND9 logging into filebind9 does not resolve dnssec correctlyHow to update a zone with auto-dnssec: maintainDENIC NAST - Generating Compliant DNSSEC KeyWindows DNS Server with DNSSEC validation break specific domain
Why commonly or frequently used fonts sizes are even numbers like 10px, 12px, 16px, 24px, or 32px?
tikz drawing rectangle discretized with triangle lattices and its centroids
What do you call the hair or body hair you trim off your body?
Why were the bells ignored in S8E5?
Cuban Primes
Windows 10 lock screen - display my own random images
Network latencies between opposite ends of the Earth
Why did the metro bus stop at each railway crossing, despite no warning indicating a train was coming?
Why is Drogon so much better in battle than Rhaegal and Viserion?
What do the "optional" resistor and capacitor do in this circuit?
UUID type for NEWID()
Testing if os.path.exists with ArcPy?
Wireless headphones interfere with Wi-Fi signal on laptop
What is this weird d12 for?
Can a tourist shoot a gun in the USA?
How to rename multiple files in a directory at the same time
Why does SSL Labs now consider CBC suites weak?
Does addError() work outside of triggers?
Meaning of "legitimate" in Carl Jung's quote "Neurosis is always a substitute for legitimate suffering."
Are there microwaves to heat baby food at Brussels airport?
I recently started my machine learning PhD and I have absolutely no idea what I'm doing
When did game consoles begin including FPUs?
Is the seat-belt sign activation when a pilot goes to the lavatory standard procedure?
Can anyone give me examples of the relative-determinative 'which'?
Keeping DNSSEC KSKs offline with BIND9
Setting up new domainbind9 DNS Ubuntu names pingible on server, but not on Windows Machines?Pushing DNSSEC updates with offline keysDNS BIND on CENTOS 6.3 and domain nameserversHow to DNSSEC Sign Bind9 Reverse ZoneBIND9 logging into filebind9 does not resolve dnssec correctlyHow to update a zone with auto-dnssec: maintainDENIC NAST - Generating Compliant DNSSEC KeyWindows DNS Server with DNSSEC validation break specific domain
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I am looking to move the private part of the KSK for my domains off my main nameserver. I've tried this with a test domain and get errors like this:
dns_dnssec_keylistfromrdataset: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
...
dns_dnssec_findzonekeys2: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
This guide recommends keeping the private KSKs offline without much further comment so I'm guessing it's ok to ignore these warnings? The zone continues to operate as expected and I can make changes fine (the errors just keep appearing).
If it is ok to ignore the warning, is there a way to disable it so the logs don't get filled up?
domain-name-system bind dnssec
asked May 4 at 13:33
TugzridaTugzrida
1163
add a comment |
I am looking to move the private part of the KSK for my domains off my main nameserver. I've tried this with a test domain and get errors like this:
dns_dnssec_keylistfromrdataset: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
...
dns_dnssec_findzonekeys2: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
This guide recommends keeping the private KSKs offline without much further comment so I'm guessing it's ok to ignore these warnings? The zone continues to operate as expected and I can make changes fine (the errors just keep appearing).
If it is ok to ignore the warning, is there a way to disable it so the logs don't get filled up?
domain-name-system bind dnssec
asked May 4 at 13:33
TugzridaTugzrida
1163
add a comment |
I am looking to move the private part of the KSK for my domains off my main nameserver. I've tried this with a test domain and get errors like this:
dns_dnssec_keylistfromrdataset: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
...
dns_dnssec_findzonekeys2: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
This guide recommends keeping the private KSKs offline without much further comment so I'm guessing it's ok to ignore these warnings? The zone continues to operate as expected and I can make changes fine (the errors just keep appearing).
If it is ok to ignore the warning, is there a way to disable it so the logs don't get filled up?
domain-name-system bind dnssec
asked May 4 at 13:33
TugzridaTugzrida
1163
I am looking to move the private part of the KSK for my domains off my main nameserver. I've tried this with a test domain and get errors like this:
dns_dnssec_keylistfromrdataset: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
...
dns_dnssec_findzonekeys2: error reading /etc/bind/keys/example.com/Kexample.com.+999+99999.private: file not found
This guide recommends keeping the private KSKs offline without much further comment so I'm guessing it's ok to ignore these warnings? The zone continues to operate as expected and I can make changes fine (the errors just keep appearing).
If it is ok to ignore the warning, is there a way to disable it so the logs don't get filled up?
domain-name-system bind dnssec
domain-name-system bind dnssec
asked May 4 at 13:33
TugzridaTugzrida
1163
asked May 4 at 13:33
TugzridaTugzrida
1163
asked May 4 at 13:33
TugzridaTugzrida
1163
asked May 4 at 13:33
TugzridaTugzrida
1163
asked May 4 at 13:33
TugzridaTugzrida
1163
1163
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965869%2fkeeping-dnssec-ksks-offline-with-bind9%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965869%2fkeeping-dnssec-ksks-offline-with-bind9%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
