Changes BIND 9.15+ source distribution (gz -> xz, and SHA1 deprecation)
Tony Finch
dot at dotat.at
Wed Mar 4 01:26:03 UTC 2020
Alan Batie <alan at peak.org> wrote:
>
> That was my thought, but the tools complain about not having both...
[snip]
> Still working out which ones it thinks are missing, as both appear to be
> there - it would be nice if the tool was more specific...
If you are doing an algorithm rollover, you should have 2 keys (ZSK and
KSK) for each algorithm, 4 keys total. I only use dnssec-signzone if I'm
testing or doing something weird, so I'm not familiar with it. (In
production I use automatic signing in `named` because it is easier.) But
you might be able to follow my howto inserting a dnssec-signzone before
rndc reload and you might get something that will approximately work...
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Irish Sea: Westerly becoming variable, then northeasterly later, 2 to 4,
occasionally 5 in south. Slight or moderate in south, smooth or slight in
north. Rain or showers. Good, occasionally poor in south.
More information about the bind-users
mailing list