[Opendnssec-user] Step by step Ubuntu 10.10 - signs zone but queries don't work (reformatted)
Rickard Bellgrim
rickard at opendnssec.org
Fri Mar 9 12:18:10 UTC 2012
> NOTE: At this point zone in /unsigned gets signed and move to /tmp and
> /signconf files are also generated. The zone is signed in /signed but still
> unable to fill +dnssec queries.
My guess is that BIND does not know where the signed zone is. You just
added allow-transfer in BIND-config. I suspect that you expect
OpenDNSSEC to transfer the zone to BIND using AXFR. In fact,
OpenDNSSEC will write the zone to file and tell the name server to
reload it. OpenDNSSEC 1.4.0 will have outbound AXFR. For now, you have
to edit BIND config to point to the signed zone file.
// Rickard
More information about the Opendnssec-user
mailing list