On 09.07.20 11:51, Klaus Darilion wrote: >>> So, how is the correct process to add an additional DNSKEY (only the public >> key is known). >> >> I think you are looking for `dnssec-importkey`. > > Indeed. I imported the key and got a .key and .private file. I put those > files in the same directory as the other keys, gave read permissions to bind > and executed: > rndc loadkeys myzone > rndc sign myzone > > But the additional key is not added to the reponse of DNSKEY queries.
Does the key have correct timing metadata in the key file? Have a look at "dnssec-settime". Daniel _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
