On 4/9/25 02:29, Bagas Sanjaya wrote:
On Tue, Apr 08, 2025 at 07:38:44AM -0500, Matthijs Mekking wrote:
This time I was able to reproduce, thanks.
The reason why the key created by dnssec-keygen is retired is because named
thinks it was in use already. When there is key timing metadata, the key is
considered to be in use (now or in the past).
Only not previously used keys are considered as a successor in key
rollovers.
Try generating the key with dnssec-keygen -G. This will create a key without
setting timing metadata.
Indeed it solves the problem. Thanks!
I will update the documentation accordingly.
Both in KB and dnssec guide in BIND ARM?
Yes
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users