Thanks, that did the trick!
On 3/8/12, Mark Andrews <ma...@isc.org> wrote: > > In message > <CAMD-=VKxKssRXfD4XSgPua-v6=ooazylgc3yb3cy51ihopw...@mail.gmail.com> > , Nick Edwards writes: >> On 3/8/12, Nick Edwards <nick.z.edwa...@gmail.com> wrote: >> > On 3/7/12, Mark Andrews wrote: >> > >> >>> resigned it again as about 3 months using: dnssec-signzone -a -e >> >>> +15724800 -K keys/ -N INCREMENT guilty_domain.here >> >> >> >> You should have fed dnssec-signzone the old signed zone not the >> >> unsigned >> >> zone. >> >> >> >> dnssec-signzone -f guilty_domain.here.signed .... -N INCREMENT >> >> guilty_domain.here.signed >> >> >> > >> > Thank you Mark, in all of the so called "howto's" I've read, I recall >> > none of them mentioning resigning the "signed file". >> > I've changed my cheat sheet to reflect above is only useful for >> > initial signing, and your example as all subsequent signings >> > >> > Thanks again. >> > >> >> Hrmm, is thatreally the correct command? >> >> dnssec-signzone -f xxxxxx.org.signed -a -e +15724800 -K keys/ -N >> INCREMENT xxxxxx.org.signed >> >> fatal: failed loading zone from 'xxxxxxx.org.signed': not at top of zone > > -o xxxxxxx.org > > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
