Inline signing fails dnsviz test.
Dan Egli
dan at newideatest.site
Mon May 10 21:36:55 UTC 2021
Okay, so I added the policy, and things MOSTLY look okay. But when I
retake the verification test, I get errors about no RRSIGs found. What
do I do to resolve that issue?
On 5/10/2021 12:38 PM, Tony Finch wrote:
> Dan Egli <dan at newideatest.site> wrote:
>> Still not working for me. The dig doesn't report anything, and I don't HAVE a
>> keyfile since i'm using inline signing. Or does inline signing still require a
>> key to be generated?
> Yes, you need to do your own key management with inline-signing using
> dnssec-keygen. The new dnssec-policy feature can do automatic key
> management for you.
>
> Tony.
--
Dan Egli
From my Test Server
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x11B7451DF2015959.asc
Type: application/pgp-keys
Size: 3792 bytes
Desc: OpenPGP public key
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210510/3a6dbc87/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210510/3a6dbc87/attachment-0003.bin>
More information about the bind-users
mailing list