Howdy,
I’m trying to get Knot 3.3.5 to use authenticated DNSSEC bootstrapping
following the blog article and docs. However, I’m getting an error for the
signalling zones, but I fail to figure out what I may have overlooked.
error: [_signal.ns2.droso.dk <http://signal.ns2.droso.dk/>.] module
'mod-onlinesign/authsignal', incompatible with automatic signing
Relevant knot.conf snippets (in order):
policy:
- id: ecc
algorithm: ecdsap256sha256
nsec3: on
rrsig-refresh: 7d
mod-onlinesign:
- id: authsignal
nsec-bitmap: [CDS, CDNSKEY]
policy: ecc
template:
- id: default
…
dnssec-signing: on
dnssec-policy: ecc
…
zone:
- domain: _signal.ns2.droso.dk <http://signal.ns2.droso.dk/>
module: [mod-authsignal, mod-onlinesign/authsignal]
Any hint appreciated
Best
Erwin--
