I'm trying to understand why my DNS zone refuses to get updated/signed.
After an "rndc reload" I get this in the named-pkcs11 logs:
failed to parse RR entry: resource record DN
update_record (syncrepl) failed, resource record DN
change type 0x1. Records can be outdated, run `rndc reload`: syntax
zone example.com/IN (signed): could not get zone keys for secure dynamic
zone example/IN (signed): receive_secure_serial: unchanged
Naturally, i checked the DNSSEC Troubleshoot guide :
- Zone is set to have in-line signing
- It appears on the zone list command to ods-ksmutil
- The KSK and ZSK keys are both active and have not expired
- The [...]/localhsm.py script result looks ok according to the expected
The question now is. How can I fix this?
Also, if the only fix is to disable and re-enable DNSSEC, does that have
Thanks in advance!
Carlos Mogas da Silva
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org