I find it a little confusing: the pdnssec show-zone shows on all servers (master and slaves) that the domain is not presigned.
My knowledge on DnsSec isn't that great, but what I tested is that when the keys on the slaves (stored in the cryptokeys table) are out of sync with the master, I have to remove them on both slave servers from the cryptokeys table. After that I update the serial and the zone is synced using AXFR from the master to both slaves and the keys are fixed. Maybe there is indeed some code in PowerDNS that sets the presigned flag automaticly, but why isn't that adjusted in the show-zone on the master and/or the slaves? And why aren't the keys synced when not in sync with the master, even when the serial is updated? Regards, Marc -- View this message in context: http://powerdns.13854.n7.nabble.com/Different-RRSIG-s-on-master-and-slaves-tp10349p10369.html Sent from the PowerDNS mailing list archive at Nabble.com. _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
