Testing KASP, CDS, and .ch

[Jim Popovitch]

Hello!

I've read the "Schacher 20200622 Support for and adoption of CDS in .ch
and .li", and studied 
https://kb.isc.org/docs/dnssec-key-and-signing-policy, however I've hita brick wall: 

https://dnsviz.net/d/domainmail.ch/dnssec/

What am I missing?

I'm using the following policy and zone config: 

dnssec-policy "test" {
        keys { csk lifetime P30D algorithm ECDSAP256SHA256; };
};

zone "domainmail.ch" {
        type master;
        file "/etc/bind/zone/domainmail.ch";
        dnssec-policy "test";
};

Here are the info of the active keys:

/etc/bind/keys/Kdomainmail.ch.+013+22048.key
; This is a key-signing key, keyid 22048, for domainmail.ch.
; Created: 20210208192710 (Mon Feb  8 19:27:10 2021)
; Publish: 20210208192710 (Mon Feb  8 19:27:10 2021)
; Activate: 20210208222710 (Mon Feb  8 22:27:10 2021)
; Inactive: 20210310222710 (Wed Mar 10 22:27:10 2021)
; Delete: 20210320233210 (Sat Mar 20 23:32:10 2021)
; SyncPublish: 20210208222710 (Mon Feb  8 22:27:10 2021)

/etc/bind/keys/Kdomainmail.ch.+013+17870.key
; This is a key-signing key, keyid 17870, for domainmail.ch.
; Created: 20210310202210 (Wed Mar 10 20:22:10 2021)
; Publish: 20210310202210 (Wed Mar 10 20:22:10 2021)
; Activate: 20210310222710 (Wed Mar 10 22:27:10 2021)
; Inactive: 20210409222710 (Fri Apr  9 22:27:10 2021)
; Delete: 20210419233210 (Mon Apr 19 23:32:10 2021)
; SyncPublish: 20210310222710 (Wed Mar 10 22:27:10 2021)

/etc/bind/keys/Kdomainmail.ch.+013+04319.key
; This is a key-signing key, keyid 4319, for domainmail.ch.
; Created: 20210220012755 (Sat Feb 20 01:27:55 2021)
; Publish: 20210220012755 (Sat Feb 20 01:27:55 2021)
; Activate: 20210220012755 (Sat Feb 20 01:27:55 2021)
; Inactive: 20210221040633 (Sun Feb 21 04:06:33 2021)
; Delete: 20210303051133 (Wed Mar  3 05:11:33 2021)
; SyncPublish: 20210221023255 (Sun Feb 21 02:32:55 2021)


-Jim P.