"libor.peltan" <[email protected]> writes: > Could you explain if you routinely or occasionally do some manual > adjustments of the keys with keymgr?
I'll look into logs (give me a bit as I'm away from the machine in question at the moment). But some important points: 1. everything is set up for auto-signing and has been for quite some time 2. the keys were indeed imported from bind but otherwise I don't use keymgr manually 3. it is possible I may have backup files of the keys predating the event and will need to check. That might be helpful as well. The irony; the domain in question? dnssec-tools.org (which used to be signed and run by bind tools, but hasn't been for a while -- I *think* since near Q1 2022). -- Wes Hardaker --
