Alan Batie <a...@peak.org> wrote:
>
> That was my thought, but the tools complain about not having both...
[snip]
> Still working out which ones it thinks are missing, as both appear to be
> there - it would be nice if the tool was more specific...

If you are doing an algorithm rollover, you should have 2 keys (ZSK and KSK) for each algorithm, 4 keys total.

I only use dnssec-signzone if I'm testing or doing something weird, so I'm not familiar with it. (In production I use automatic signing in `named` because it is easier.)

But you might be able to follow my howto inserting a dnssec-signzone before rndc reload and you might get something that will approximately work...

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Irish Sea: Westerly becoming variable, then northeasterly later, 2 to 4, occasionally 5 in south. Slight or moderate in south, smooth or slight in north. Rain or showers. Good, occasionally poor in south.
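The rule in the reply above (a ZSK and a KSK for each algorithm, 4 keys during an algorithm rollover) can be checked directly against a zone's DNSKEY records to see which key is missing. This is an added example, not code from the thread or from BIND; the zone name, the sample RRset and the algorithm numbers 8 and 13 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample DNSKEY RRset in zone-file form (key data is a placeholder).
# Mid-rollover from algorithm 8 to 13, with the algorithm 13 ZSK missing.
SAMPLE = """\
example.com. 3600 IN DNSKEY 257 3 8 AwEAAc-placeholder ; KSK, old algorithm
example.com. 3600 IN DNSKEY 256 3 8 AwEAAd-placeholder ; ZSK, old algorithm
example.com. 3600 IN DNSKEY 257 3 13 mdsswU-placeholder ; KSK, new algorithm
"""

# DNSKEY RDATA starts with: flags, protocol, algorithm
DNSKEY_RE = re.compile(r"\bDNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s")
ZONE_BIT = 0x0100    # set on every zone-signing-capable key (flags 256 and 257)
REVOKE_BIT = 0x0080  # RFC 5011 revoked key, not usable for signing
SEP_BIT = 0x0001     # set on KSKs (flags 257), clear on ZSKs (flags 256)


def roles_by_algorithm(text):
    """Map each algorithm number to the set of key roles present for it."""
    roles = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0]          # drop zone-file comments
        match = DNSKEY_RE.search(line)
        if not match:
            continue
        flags, _protocol, algorithm = map(int, match.groups())
        if not flags & ZONE_BIT or flags & REVOKE_BIT:
            continue                          # not an active zone key
        roles[algorithm].add("KSK" if flags & SEP_BIT else "ZSK")
    return dict(roles)


def missing_roles(text):
    """Return {algorithm: [missing roles]} for algorithms lacking a ZSK or KSK."""
    gaps = {}
    for algorithm, present in roles_by_algorithm(text).items():
        absent = sorted({"KSK", "ZSK"} - present)
        if absent:
            gaps[algorithm] = absent
    return gaps


if __name__ == "__main__":
    for algorithm, absent in sorted(missing_roles(SAMPLE).items()):
        print(f"algorithm {algorithm}: missing {', '.join(absent)}")
```
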