Source-Changes-HG archive


[src/trunk]: src/etc - read the root keys from our file



details:   https://anonhg.NetBSD.org/src/rev/4164b5175b9e
branches:  trunk
changeset: 786309:4164b5175b9e
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Apr 25 20:28:05 2013 +0000

description:
- read the root keys from our file
- explain what happens if we get clock skew

diffstat:

 etc/named.conf |  10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diffs (26 lines):

diff -r 3b0fc60311d3 -r 4164b5175b9e etc/named.conf
--- a/etc/named.conf    Thu Apr 25 20:10:28 2013 +0000
+++ b/etc/named.conf    Thu Apr 25 20:28:05 2013 +0000
@@ -1,14 +1,20 @@
-# $NetBSD: named.conf,v 1.6 2010/08/24 13:18:58 christos Exp $
+# $NetBSD: named.conf,v 1.7 2013/04/25 20:28:05 christos Exp $
 
 # boot file for secondary name server
 # Note that there should be one primary entry for each SOA record.
+# If you cannot get DNSSEC to work, and you see the following message:
+# DNSKEY: verify failed due to bad signature (keyid=19036): \
+# RRSIG validity period has not begun 
+# Fix your clock. You can comment out the dnssec entries temporarily to
+# get to an ntp server.
 
 options {
        directory "/etc/namedb";
        dnssec-enable yes;
-       dnssec-validation yes;
+       dnssec-validation auto;
        dnssec-lookaside auto;
        managed-keys-directory "keys";
+       bindkeys-file "bind.keys";
        allow-recursion { localhost; localnets; };
 
        #
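Review bot: the new header comment's advice to "comment out the dnssec entries temporarily" does not say which lines of the options block it means, and it does not say to restore them once the clock is correct. After this change the block has five DNSSEC-related options (dnssec-enable, dnssec-validation, dnssec-lookaside, managed-keys-directory, bindkeys-file), so I would name the one or two that actually need disabling, for example dnssec-validation, and add a line such as "re-enable them as soon as ntp has set the time", since a resolver left in that state accepts unvalidated answers. Two smaller points in the same comment: the quoted log line hard-codes keyid=19036, which will stop matching what users see if the root key changes, so wording like "a message similar to" would age better; and the "RRSIG validity period has not begun" line carries a trailing space. For the added bindkeys-file "bind.keys" line, a short comment saying the relative path is expected to resolve under the directory "/etc/namedb" set above would save the reader from guessing where the file must live.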


