On Tue, Apr 08, 2025 at 07:38:44AM -0500, Matthijs Mekking wrote: > This time I was able to reproduce, thanks. > > The reason why the key created by dnssec-keygen is retired because named > thinks it was in use already. When there is key timing metadata, the key is > considered to be in use (now or in the past). > > Only not previously used keys are considered as a successor in key > rollovers. > > Try generating the key with dnssec-keygen -G. This will create a key without > setting timing metadata.
Indeed it solves the problem. Thanks! > > I will update the documentation accordingly. Both in KB and dnssec guide in BIND ARM? -- An old man doll... just what I always wanted! - Clara
signature.asc
Description: PGP signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
