Re: DNSSEC algo rollover fails to delete old keys

2024-10-16 Thread Robert Wagner
dy yet, then please keep these standards in mind for future direction when available. RW From: bind-users on behalf of Matthijs Mekking Sent: Wednesday, October 16, 2024 4:03 AM To: bind-users@lists.isc.org Subject: Re: DNSSEC algo rollover fails to delete ol

Re: DNSSEC algo rollover fails to delete old keys

2024-10-16 Thread Matthijs Mekking
If you provide the output of `rndc dnssec -status` it might give a hint why the keys are still published. I suspect that BIND needs to be told that the DS has been withdrawn for the parent zone (assuming you don't have parental-agents set up). For future algorithm rollovers: You can just chan

Re: DNSSEC algo rollover fails to delete old keys

2024-10-15 Thread Mark Andrews
Restore the keys from backups and let named MANAGE the removal of the old keys. People really need to stop being impatient with DNSSEC key management. It is a SLOW process as there are interactions with the parent zone that need to be co-ordinated and WAIT TIMES that need to be observed. Named h

DNSSEC algo rollover fails to delete old keys

2024-10-15 Thread Arnold DECHAMPS
Hello everyone, I made an algo rollover in DNSSEC from algo 8 to algo 13. Software version: 9.18.28-1~deb12u2-Debian My zone configuration refers to policies: == dnssec-policy "algo8" { keys { ksk lifetime un