[knot-dns-users] Re: bitw signing as secondary

[Daniel Salzman via knot-dns-users]

Hi Randy,

I cannot reproduce your problem. What does `keymgr sld.tld list` say?

Daniel

On 3/20/24 18:53, Randy Bush wrote:

i did generate keying as i would when signing a primary zone

     # keymgr sld.tld generate algorithm=rsasha256 ksk=yes zsk=yes
     7a618eaf94ea1d903233cb547faa24bae8cb49a5
     # knotc zone-reload sld.tld
     OK

After generating any keys you would need "knotc reload" I believe
(instead of zone-reload).

tried too.  but point taked, recipe changed.

Please send the error message you got if this does not help.

<doh>  sorry not to have done that.

     2024-03-20T17:46:02.762674+00:00 rip knotd[3445]: error: [sld.tld.] 
DNSSEC, no keys are available
     2024-03-20T17:46:02.763850+00:00 rip knotd[3445]: error: [sld.tld.] 
DNSSEC, failed to load keys (no keys for signing)
     2024-03-20T17:46:02.764434+00:00 rip knotd[3445]: error: [sld.tld.] zone 
event 're-sign' failed (no keys for signing)

randy
--

--