new dnssec zone OK, error "zone_rekey:dns_zone_getdnsseckeys failed: not found" only in local bind logs ?
PGNet Dev
pgnet.dev at gmail.com
Wed Oct 26 18:21:58 UTC 2022
hi,
> If there are currently no keys that we have to check the DS for, then you may still see this log line.
all my zones have now toggled rumoured -> omnipresent. i took no explicit manual action other than letting an arbitrarily long-ish time pass.
it just happened ... eventually.
re: your comment "we have to check the DS for", what exec _forces_ a (re)check of keys' DS ?
i'd understood
rndc dnssec -checkds published ${zone}
to do exactly that. i.e., check 'NOW'.
and, since the DS were clearly published and available @ my each/all of my parental-agents{}, that the state toggle would happen, similarly, 'NOW'. or at least NOW-ish.
is that incorrect?
More information about the bind-users
mailing list