Niall,
Thanks for reporting back. This is an omission in our KB article that I
will fix.
- Matthijs
On 07-11-2022 18:24, Niall O'Reilly wrote:
On 7 Nov 2022, at 11:40, Niall O'Reilly wrote:
Preparation:
- Set up minimal stand-alone instance of BIND9 named,
configured with a **dnssec-policy** for each algorithm,
matching properties of existing DNSSEC keys, and with
`lifetime unlimited`;
- Deliver current key files and recently-signed copy of
zone files to this instance.
I needed an additional stage of preparation, before delivering
the key files; specifically, I needed to edit the .private
files to 'Private-key-format: v1.3' and add missing lifecycle
metadata.
After doing this, named behaved exactly as expected.
Thanks, Matthijs, for steering me in the right direction,
and for being ready to give me additional help.
/Niall
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
