dnssec: ds showing hidden 3+ days after key roll
Matthijs Mekking
matthijs at isc.org
Wed Feb 9 15:52:48 UTC 2022
Hi Larry,
Without more information it is hard to tell what is going on.
Can you share your dnssec-policy and the contents of the key state file?
And if you have useful logs (grep for keymgr) that would be handy too to
see what is going on.
If you prefer to share them off list, you can mail them me directly.
Best regards,
Matthijs
On 08-02-2022 18:00, Larry Rosenman wrote:
> Greetings,
> new poster. I just converted over to DNSSEC-policy, and rolled my
> KSK. I see:
> key: 269 (RSASHA256), KSK
> published: yes - since Sun Feb 6 14:31:32 2022
> key signing: yes - since Sun Feb 6 14:31:32 2022
>
> No rollover scheduled
> - goal: omnipresent
> - dnskey: omnipresent
> - ds: hidden
> - key rrsig: omnipresent
>
>
> ler in thebighonker in namedb🔒 on master [!] as 🧙
> ❯
>
> Is it normal to see the ds as hidden? It IS published, and I told rndc
> that.
>
> Any insight appreciated.
>
More information about the bind-users
mailing list