Suitable type for DNSSEC private keys

Göran Uddeborg goeran at uddeborg.se
Tue Feb 17 21:06:43 UTC 2009


Daniel J Walsh writes:
> grep dnssec /etc/selinux/targeted/contexts/files/file_contexts
> /etc/rndc\.key	--	system_u:object_r:dnssec_t:s0
> /var/named/chroot/etc/rndc\.key	--	system_u:object_r:dnssec_t:s0

I thought that file was just for connection between the named server
and rndc clients.  I didn't think it had anything to do with DNSSEC at
all.  Am I wrong?

I'm talking about keys for signing a zone, in files having names like
Kuddeborg.se.+005+16744.key and Kuddeborg.se.+005+16744.private
respectively.

Stephen Smalley writes:
> Why are you putting the private key in /var/named at all?  Why is it
> even on the public server?

Well, I haven't been able to run dnssec-signzone without having both
the private and public keys in the same directory.  But maybe I just
haven't figured these things out?  These DNSSEC tools are new to me.
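To see why the grep above does not answer the question, here is a small file_contexts matcher (an added example, not from the thread or from libselinux) that applies the last-match-wins rule to the two quoted entries plus a hypothetical catch-all for /var/named, which is assumed here and not taken from the thread:

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: the two file_contexts lines quoted in the thread plus a
# hypothetical catch-all for /var/named (an assumption, not from the thread).
FILE_CONTEXTS = """
/var/named(/.*)?                  system_u:object_r:named_zone_t:s0
/etc/rndc\\.key                   --  system_u:object_r:dnssec_t:s0
/var/named/chroot/etc/rndc\\.key  --  system_u:object_r:dnssec_t:s0
"""

class Spec(NamedTuple):
    regex: re.Pattern      # anchored at both ends, as libselinux does implicitly
    ftype: Optional[str]   # "--" regular file, "-d" directory, ...; None = any
    context: str

def parse_file_contexts(text: str) -> List[Spec]:
    """Parse 'regex [type] context' lines; blank lines and comments are skipped."""
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3:
            pattern, ftype, context = fields
        else:
            pattern, ftype, context = fields[0], None, fields[1]
        specs.append(Spec(re.compile("^" + pattern + "$"), ftype, context))
    return specs

def selinux_type(path: str, ftype: str = "--", specs=None) -> Optional[str]:
    """Return the type field of the last matching entry, or None if no entry
    covers the path (the file then keeps whatever label it was created with)."""
    specs = parse_file_contexts(FILE_CONTEXTS) if specs is None else specs
    chosen = None
    for spec in specs:
        if spec.ftype not in (None, ftype):
            continue
        if spec.regex.match(path):
            chosen = spec.context   # a later entry overrides an earlier one
    return chosen.split(":")[2] if chosen else None

if __name__ == "__main__":
    for p in ("/etc/rndc.key", "/var/named/Kuddeborg.se.+005+16744.private"):
        print(p, "->", selinux_type(p))
```

With only the quoted entries, the zone-signing key files fall through to the directory rule, so dnssec_t is assigned to rndc.key alone.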

More information about the fedora-selinux-list mailing list