Re: multiple trusted-keys stanzas?
In message <8C8BC3C0-AA43-4E27-98F1-F894650AF3C8@columbia.edu>, David Coulthart
> While I'm aware I can have multiple keys listed in a single trusted-
> keys stanza, I would prefer to keep groups of keys in separate files
> for easier management, but I can't use the include command inside a
> trust-keys stanza. So instead, I was thinking of putting each group of
> keys in its own trusted-keys stanza. Does anyone know if multiple
> trusted-keys stanzas works with BIND (9.5.0-P2)? A simple run of
> named-checkconf with such a config didn't produce any errors. But
> will it use all of the keys or just the ones from the last trusted-
> keys stanza or ...?
> Dave Coulthart[/color]
A simple test would have shown you that it works. Put .SE's
trusted keys in one file and .BR's in another then do
"dig +dnssec SE SOA @server" and "dig +dnssec BR SOA @server"
and look at the responses. You should find AD is set for
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email]Mark_Andrews@isc.org[/email]