On 3/7/12, Mark Andrews wrote: >> resigned it again as about 3 months using: dnssec-signzone -a -e >> +15724800 -K keys/ -N INCREMENT guilty_domain.here > > You should have fed dnssec-signzone the old signed zone not the unsigned > zone. > > dnssec-signzone -f guilty_domain.here.signed .... -N INCREMENT > guilty_domain.here.signed >
Thank you Mark, in all of the so called "howto's" I've read, I recall none of them mentioning resigning the "signed file". I've changed my cheat sheet to reflect above is only useful for initial signing, and your example as all subsequent signings Thanks again. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
