Looks like when we added the code to sign CDNSKEY and CDS with KSKs we missed
code to skip REVOKED KSKs.
P.S. You have a DS pointing to a non self signed DNSKEY.
> On 29 Nov 2024, at 13:54, Peter 'PMc' Much
> wrote:
>
> Hi,
>
> I just noticed my dns-signer recently started to create some
>
Hi,
I just noticed my dns-signer recently started to create some
invalid signings - the two red arrows in here:
https://dnsviz.net/d/daemon.contact/Z0ka0A/dnssec/
There is a history, one can go back and see these weren't present
in March '24 and earlier.
The problem is, I didn't change an
My bad. I spotted that afterwards.
On Thu, 28 Nov 2024 at 13:48, Anand Buddhdev wrote:
> On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users <
> bind-users@lists.isc.org> wrote:
>
> Hi Greg,
>
> Running "named-checkconf -p" will print your entire named configuration,
>> following any inclu
On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users <
bind-users@lists.isc.org> wrote:
Hi Greg,
Running "named-checkconf -p" will print your entire named configuration,
> following any include files. There *must* be a "controls" section in there
> or rndc could not work, since, from the ARM
4 matches
Mail list logo
