>> i did generate keying as i would when signing a primary zone
>>
>> # keymgr sld.tld generate algorithm=rsasha256 ksk=yes zsk=yes
>> 7a618eaf94ea1d903233cb547faa24bae8cb49a5
>> # knotc zone-reload sld.tld
>> OK
>
> After generating any keys you would need "knotc reload" I believe
> (instead of zone-reload).
tried too. but point taked, recipe changed.
> Please send the error message you got if this does not help.
<doh> sorry not to have done that.
2024-03-20T17:46:02.762674+00:00 rip knotd[3445]: error: [sld.tld.] DNSSEC,
no keys are available
2024-03-20T17:46:02.763850+00:00 rip knotd[3445]: error: [sld.tld.] DNSSEC,
failed to load keys (no keys for signing)
2024-03-20T17:46:02.764434+00:00 rip knotd[3445]: error: [sld.tld.] zone
event 're-sign' failed (no keys for signing)
randy
--
