| === shokohsc1 is now known as shokohsc | ||
| === chris14_ is now known as chris14 | ||
| === jetbaby is now known as Guest4528 | ||
| === dbungert1 is now known as dbungert | ||
| === shokohsc3 is now known as shokohsc | ||
| === pizzaiolo is now known as pizza | ||
| ahasenack | sdeziel: hi, in your dnssec bind9 zones, do you have the "inling-signing yes" config parameter? | 17:06 |
|---|---|---|
| ahasenack | I'm looking at how common the scenario described here would be: https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing | 17:07 |
| ahasenack | and you are my sample #1 :) | 17:07 |
| ahasenack | I'm worried about upgrades hitting this problem if the existing dnssec zones are configured like that. bind9 will refuse to start after the upgrade in that case: | 17:07 |
| ahasenack | Apr 10 16:55:12 f-bind9-mre named[2902]: /etc/bind/named.conf.local:12: 'inline-signing yes;' must also be configured explicitly for zones using dnssec-policy | 17:07 |
| ahasenack | without a configured 'allow-update' or 'update-policy'. See https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing | 17:07 |
| sergiodj | ahasenack: regarding your comment in the MP: I remember glancing over this release note entry, but for some reason I did not raise this topic while reviewing the Jammy/Kinetic MREs. I may have been distracted by something else | 18:15 |
| sergiodj | either way, it's a good catch and I believe it warrants *at least* a note on d/NEWS | 18:16 |
| sergiodj | I'm not sure how to proceed with the Jammy/Kinetic updates, since they've been release already | 18:16 |
| MrsSkilton | https://pastes.io/3zb8ipyqbv | 19:26 |
| oerheks | ignore MrsSkilton | 19:31 |
| MrsSkilton | Learn about Richard Simmons being date raped by Mrs. Skilton, the big-elbowed seductress from Regina! | 19:31 |
| MrsSkilton | https://pastes.io/3zb8ipyqbv | 19:31 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!