t 19 18:13:02 CDT 2023
;; MSG SIZE rcvd: 231
From: Mark Andrews
Sent: Sunday, October 8, 2023 8:11 PM
To: Eddie Rowe
Cc: bind-users@lists.isc.org
Subject: Re: KASP Rollover = Immediate Loss of DNSKEY (Why Do Inactive Keys
Disappear?)
>Given the parent zone doesn’t have D
When performing a key rollover using the KASP I continue to see the DNSKEY
IMMEDIATELY disappear rather than staying active for the appropriate period of
time with the test zone having a 3 hour TTL. I first encountered this behavior
with RHEL 9.2 with BIND 9.16.23-RH (Extended Support Version)
ssume that the reason you have rumoured state is because you are trying to
roll your ZSK to soon after the previous ZSK rollover? Have you checked the
various timing settings in the KASP definition?
Nick.
On 30/09/23 11:32, Nick Tait via bind-users wrote:
On 29/09/23 12:05, Eddie Rowe wrote:
ments to the documentation!
From: bind-users on behalf of Nick Tait via
bind-users
Sent: Friday, September 29, 2023 5:01 PM
To: bind-users@lists.isc.org
Subject: Re: KSAP - How to manually rollover keys documentation?
On 28/09/23 10:02, Eddie Rowe wrote:
I am
When I perform a ZSK key rollover the existing ZSK disappears immediately so
not sure what I am missing when using the KASP to manage key rollover. The
state for the keys looks good and for this test I have TTL set to 1 hour.. But
why does dig not show me both DNSKEY records for the ZSK after
I am using the nifty feature of the KASP in 9.16.23, but I cannot seem to
locate documentation on how to manually rollover keys in case this is needed in
the future. The documentation is excellent as far as discussing the steps
involved for the manual or semi-automatic but I am not seeing the st
6 matches
Mail list logo
