DNSSEC and NSEC missing ZSK?
at lbutlr
at lbutlr
Tue Feb 9 12:17:56 UTC 2021
On 08 Feb 2021, at 11:10, @lbutlr <kremels at kreme.com> wrote:
> That recreates the .signed.jnl and not the .signed file. No errors are reported.
Well, I have finally ogttenteh test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VERY angry and basically says the zone is entirely garabge. I am hoping this is a propagation issue, but I kind of doubt it since it should be quarrying the authoritative DNS for the DNSKEY and RRSIG and such, I'd think.
I'll give it a couple of days and see where I am there before I try to move any domains that are actually used.
Thanks everyone for prods and hints along this path.
--
When and where does this "real world" occur?!
More information about the bind-users
mailing list