Hi,
On 21-10-2022 23:05, PGNet Dev wrote:
I exec
rndc dnssec -checkds -key 63917 published example.com IN external
with dnssec loglevel -> debug, on exec, in logs
2022-10-21T16:55:22.690603-04:00 ns named[36683]: 21-Oct-2022 16:55:22.689 dnssec: debug 1: keymgr: examine KSK example
The good news is it is not stuck.
What indicator flags that it IS 'stuck'? Is it explicitly logged?
BIND is waiting to make sure the new DS is also known to the validators. The
time being evaluated here is the DS TTL, plus parent-propagation-delay, plus
retire-safety. All these three values ar
A Beginner's Guide to DNSSEC with BIND 9.
Well done! A few comments, if I may:
1. in your zone stanzas you use the term "master" (type: master, ... masters
{}). BIND has been updated already a while ago to support the term primary, e.g. `type
primary;' and `primaries {};' (likewise for 'secon
i've read this comment
'inline-signing' might go away and be replaced by dnssec-policy
now a few times, in posts and in docs
currently, WITH 'dnssec-policy' signing enabled & in-use, i've
zone "example.com" IN {
type master; file "namedb/primary/example.com.zone";
Jan-Piet Mens wrote:
>> A Beginner's Guide to DNSSEC with BIND 9.
> Well done! A few comments, if I may:
{snip}
Thanks JP, I really appreciate the feedback. I'll take all of that onboard,
change my zones and guide from master/slave to primary/secondary, and take a
look at TSIG as well.
As PG
5 matches