> Sure that's what I was doing anyway. > > To be clean, I'm not saying it's bad. > > It's returning the "bad key type" . > > I'm just trying to understand what the problem is.
I'm sorry, I hadn't read your initial message clearly enough. The "bad key type" message is a bug; it's been there for a while but I never noticed it, probably because I never ran dnssec-keygen twice in a row for the same name before. It's cosmetic and harmless, but I'll open a ticket to fix it. I may not get to it very soon, though. What's happening is dnssec-keygen is looking for an existing key whose keytag collides with the one just generated; it finds a key file from the first time you ran dnssec-keygen, opens it, and then complains because it contains type KEY instead of type DNSKEY. KEY is in fact what *should* be there, but the collision- checking function is expectingly DNSKEY, and so it complains. -- Evan Hunt -- e...@isc.org Internet Systems Consortium, Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users