Re: Algorithm roll-over, unexpected content in dsset-file

2019-08-11 Thread Ondřej Surý
When there’s no DNSSEC KEY with the SEP bit set, the Algo-13 “chain” has a single entry point, e.g. Single-Type Signing Scheme (Combined Signing Key), see https://tools.ietf.org/html/rfc6781#section-3.1 and https://tools.ietf.org/html/rfc8499#section-10. I don’t exactly know what you are trying a

Algorithm roll-over, unexpected content in dsset-file

2019-08-11 Thread Mark Elkins
Hi, Running BIND 9.14.4 on Gentoo. I've been running BIND and DNSSEC for a long time. Years ago I changed from Algorithm 5 to 8 and am now changing from 8 to 13. My ZSKs have a lifetime of 34 days and my KSK a lifetime of 370 days. I've chosen to create a new ZSK every 17 days and KSK ever