I've got a test domain that I thought I had all working, but noticed the key signing key was missing, so I generated one and did an rndc loadkeys to get things updated, then generated a ds record for it and uploaded that to the registrar, however, it still shows broken, and when I look, I see that the zone signing key 28998 is self-signed, rather than being signed by the zsk 30841? Am I misunderstanding something here?
keys/Kcascocom.com.+008+28998.key:; This is a zone-signing key, keyid 28998, for cascocom.com. keys/Kcascocom.com.+008+30841.key:; This is a key-signing key, keyid 30841, for cascocom.com. ;; ANSWER SECTION: cascocom.com. 3600 IN DNSKEY 256 3 8 AwEAAbzsNZ6nTPgAjprXeuInoS24oSvDktzfDJxbd01Ggbpg+DCFHNQI W9O2PlujvKPNZWw4I0lYNTREF4y3gl4sgBPRjaxv1Y274WBMgl/zNcDV V7wBXBSHS3k/52HbP/KlL9kuxBKPbl40Kji3Fj2ZOpPuXxM+Y0uaYWeS 0kCgfs2h ; ZSK; alg = RSASHA256 ; key id = 28998 cascocom.com. 3600 IN RRSIG DNSKEY 8 2 3600 20200409011715 20200310001715 28998 cascocom.com. R2yjLkUxmoA8JEmcyaRx/t43OZXINXBjDTA0HhxBgtwhIIK9DRq7RnW1 bNjN88qqzGqjWIIE+AG7Xk+8PXRAUeyQzWFDkMrqbg/qxlBvK+MgMlTJ VdWp2UdoDEn7A6feGNuoS7eBCDD+d+/DDjWZFU3D3YAIr6B7nJiu0hHF 8RQ=
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users