Bind DNSSEC inline-signing loadkeys fail because zone in multiple views

bind dnssec

I'm trying to implement DNSSEC with the bind>=9.9 option inline-signing.

I've previously successfully manually signed the same zone by generating a .signed file with dnssec-signzone. But I don't want to manually sign the zone each time so I want to use inline-signing to let bind do the stuff.

So I modified the options statement with key-directory "/etc/bind/keys"; dnssec-validation auto; dnssec-enable yes; and in the zone statement I've added auto-dnssec maintain; inline-signing yes;. But the server was still not answering:

$ dig DNSKEY @<domain_ns>

So I ended up finding this command that gives me an error.

# rndc loadkeys <domain>
rndc: 'loadkeys' failed: multiple
zone '<domain>' was found in multiple views

A little bit of context: I'm using an "internal view" for people on my network and an "external view" for others. I need to keep those and the zone I want to sign is available to both views.

And then I don't know how to solve this. I've tried using the auto-dnssec and inline-signing options in both or in only one of the views. It doesn't seem to help. So I'm asking here if anyone knows a solution.

Best Answer

When you have the same zone in multiple views, you need to tell rndc which view to operate on. It should be the view where the zone was defined as "type master", not the one where it was referenced with "in-view".

So, assuming you defined the zone for example.com in a view called "external", you'd have to type:

# rndc loadkeys example.com IN external

Same for the other rndc commands, just put "IN external" after the domain name and it should work.
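A named.conf layout matching the answer, as an added example that is not part of the original question or answer: the zone is defined and signed once in the "external" view and shared with "internal" through in-view. The ACL name "lan", the 192.0.2.0/24 prefix and the zone file path are constructed placeholders, and in-view assumes BIND 9.10 or later.

```conf
// Added example; "lan", 192.0.2.0/24 and the zone file path are placeholders.
acl "lan" { 192.0.2.0/24; };

options {
    key-directory "/etc/bind/keys";
    dnssec-enable yes;
    dnssec-validation auto;
};

// Views are matched in order, and in-view can only point at a view that
// appears earlier in the file. The defining view therefore comes first
// and excludes internal clients explicitly.
view "external" {
    match-clients { !lan; any; };

    zone "example.com" {
        type master;
        // Unsigned source zone. With inline-signing, named keeps the
        // signed copy and its journals next to this file, so the
        // directory must be writable by the named user.
        file "/etc/bind/zones/db.example.com";
        auto-dnssec maintain;
        inline-signing yes;
    };
};

view "internal" {
    match-clients { lan; };

    // Same zone object as in "external": no second copy, no second set
    // of signing options.
    zone "example.com" {
        in-view "external";
    };
};

// rndc commands name the view that defines the zone:
//   rndc loadkeys example.com IN external
//   rndc signing -list example.com IN external
```

Running named-checkconf on the file before reloading catches a view ordering mistake or an in-view reference to a view that has not been defined yet.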
