AW: How to prepublish additional DNSKEY
Daniel Stirnimann
daniel.stirnimann at switch.ch
Thu Jul 9 10:43:57 UTC 2020
On 09.07.20 11:51, Klaus Darilion wrote:
>>> So, how is the correct process to add an additional DNSKEY (only the public key is known).
>>
>> I think you are looking for `dnssec-importkey`.
>
> Indeed. I imported the key and got a .key and .private file. I put those files in the same directory as the other keys, gave read permissions to bind and executed:
> rndc loadkeys myzone
> rndc sign myzone
>
> But the additional key is not added to the response of DNSKEY queries.
Does the key have correct timing metadata in the key file?
Have a look at "dnssec-settime".
Daniel
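
Added example, not part of the original message: a shell check of the timing metadata in a `.key` file, reporting whether its Publish time is absent, still in the future, or already past. The function names are hypothetical, the sample key is constructed, and the `; Publish: YYYYMMDDHHMMSS (...)` comment layout (UTC) is assumed to be what the BIND key tools write.

```shell
#!/bin/sh
# Report the publication state implied by a .key file's timing metadata.
# Only the "; Publish:" and "; Delete:" comment lines are read.

# key_time FILE FIELD -> prints the YYYYMMDDHHMMSS value of FIELD, or nothing
key_time() {
    sed -n "s/^; $2: \([0-9]\{14\}\).*/\1/p" "$1" | head -n 1
}

# key_publish_state FILE [NOW] -> missing | future | deleted | published
# NOW defaults to the current UTC time in YYYYMMDDHHMMSS form.
key_publish_state() {
    now=${2:-$(date -u +%Y%m%d%H%M%S)}
    pub=$(key_time "$1" Publish)
    del=$(key_time "$1" Delete)
    if [ -z "$pub" ]; then
        echo missing        # no Publish time recorded in the file
    elif [ "$pub" -gt "$now" ]; then
        echo future         # Publish time has not been reached yet
    elif [ -n "$del" ] && [ "$del" -le "$now" ]; then
        echo deleted        # Delete time has already passed
    else
        echo published
    fi
}

# Constructed sample (not a real key): metadata header plus a placeholder record.
sample=$(mktemp)
cat > "$sample" <<'EOF'
; This is a key-signing key, keyid 12345, for myzone.
; Created: 20200709090000 (Thu Jul  9 09:00:00 2020)
; Publish: 20200801000000 (Sat Aug  1 00:00:00 2020)
myzone. IN DNSKEY 257 3 13 PLACEHOLDERBASE64==
EOF
echo "state on 2020-07-09: $(key_publish_state "$sample" 20200709104357)"
rm -f "$sample"
```

A result of `missing` or `future` means the file's metadata does not yet call for publication; `dnssec-settime -p all` prints the same metadata from the BIND tools themselves.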