dnssec-signzone ignoring "-x" option?
Paul Wouters
paul at cypherpunks.ca
Tue Sep 18 17:30:32 UTC 2012
On Mon, 17 Sep 2012, Evan Hunt wrote:
>> Does anyone use dnssec-signzone with -x? If so, can you check/tell me
>> your DNSKEY RRset?
> I just tested it with "dnssec-signzone -Sx example.com" and
> "dnssec-signzone -x example.com", on 9.9.2 and 9.7.4, and it worked
> as expected in all cases.
>
> Were you signing your zone from scratch, or re-signing a zone that
> was already signed? If there was a pre-existing ZSK signature,
> the signing process might have left it in place.
Bingo. That was the problem.
Thanks,
Paul
More information about the bind-users
mailing list