DNSSEC and slaves error
Nick Edwards
nick.z.edwards at gmail.com
Fri Mar 9 00:27:57 UTC 2012
Thanks, that did the trick!
On 3/8/12, Mark Andrews <marka at isc.org> wrote:
>
> In message
> <CAMD-=VKxKssRXfD4XSgPua-v6=oOAzyLgc3yB3cY51iHOPW3NQ at mail.gmail.com>
> , Nick Edwards writes:
>> On 3/8/12, Nick Edwards <nick.z.edwards at gmail.com> wrote:
>> > On 3/7/12, Mark Andrews wrote:
>> >
>> >>> resigned it again as about 3 months using: dnssec-signzone -a -e
>> >>> +15724800 -K keys/ -N INCREMENT guilty_domain.here
>> >>
>> >> You should have fed dnssec-signzone the old signed zone not the
>> >> unsigned
>> >> zone.
>> >>
>> >> dnssec-signzone -f guilty_domain.here.signed .... -N INCREMENT
>> >> guilty_domain.here.signed
>> >>
>> >
>> > Thank you Mark, in all of the so called "howto's" I've read, I recall
>> > none of them mentioning resigning the "signed file".
>> > I've changed my cheat sheet to reflect above is only useful for
>> > initial signing, and your example as all subsequent signings
>> >
>> > Thanks again.
>> >
>>
>> Hrmm, is thatreally the correct command?
>>
>> dnssec-signzone -f xxxxxx.org.signed -a -e +15724800 -K keys/ -N
>> INCREMENT xxxxxx.org.signed
>>
>> fatal: failed loading zone from 'xxxxxxx.org.signed': not at top of zone
>
> -o xxxxxxx.org
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
More information about the bind-users
mailing list