DNSSEC and NSEC missing ZSK?

[at lbutlr]

On 08 Feb 2021, at 11:10, @lbutlr <kremels at kreme.com> wrote:
> That recreates the .signed.jnl and not the .signed file. No errors are reported.

Well, I have finally ogttenteh test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VERY angry and basically says the zone is entirely garabge. I am hoping this is a propagation issue, but I kind of doubt it since it should be quarrying the authoritative DNS for the DNSKEY and RRSIG and such, I'd think.

I'll give it a couple of days and see where I am there before I try to move any domains that are actually used.

Thanks everyone for prods and hints along this path.

-- 
When and where does this "real world" occur?!