-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi gaolei,
> A key in 'retire' status seems to still being used to sign new RR. > But the 'active' key was not used to generate signature of RR. Does > it mean the OPENDNSSEC was working abnormally? That indeed seems abnormal. My guess is that -for whatever reason- the signer did not pick up the changes signer configuration output by the enforcer. Does "ods-signer update testzone17" help? Then add a new record and check with which key it was signed. //Yuri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZdoZIACgkQI3PTR4mhavgQUgCeN6RXgSirL91KaP4Uy/5cETkg imkAn1P6vRIIeAsiEuB6WWw/jty2igW+ =1rTn -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
