Switching to a different dnssec-policy broke my zone.

Björn Persson Bjorn at xn--rombobjrn-67a.se
Wed Nov 22 12:20:12 UTC 2023


My zone was previously signed with a KSK and a ZSK with unlimited
lifetime. I switched the zone over to a dnssec-policy using CSKs and
automatic key rotation. After the DS record was updated, most of the
RRSIG records were removed, leaving the zone broken to validating
resolvers.

Am I not supposed to do that, or is this a known bug, or do I need to
spend the time to write a detailed bug report?

Björn Persson