Re: Suitable type for DNSSEC private keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel J Walsh writes:
> grep dnssec /etc/selinux/targeted/contexts/files/file_contexts
> /etc/rndc\.key	--	system_u:object_r:dnssec_t:s0
> /var/named/chroot/etc/rndc\.key	--	system_u:object_r:dnssec_t:s0

I thought that file was just for connection between the named server
and rndc clients.  I didn't think it had anything to do with DNSSEC at
all.  Am I wrong?

I'm talking about keys for signing a zone, in files having names like
Kuddeborg.se.+005+16744.key and Kuddeborg.se.+005+16744.private
respectively.

Stephen Smalley writes:
> Why are you putting the private key in /var/named at all?  Why is it
> even on the public server?

Well, I haven't been able to run dnssec-signzone without having both
the private and public keys in the same directory.  But maybe I just
haven't figured these things out?  These DNSSEC tools are new to me.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux