Found it my problem.
I used to create the CDS records using a binary that has now been
withdrawn by ISC (around November/December 2021) and now use...
dnssec-dsfromkey -C $key
...except I was running that on all keys - including ZSK's...
I have a bash shell script that does the signing.
> On 25 Jan 2022, at 07:35, Mark Elkins wrote:
>
> I've just noticed that in the last few days that "BIND 9.16.22 (Extended
> Support Version) " appears to be generating CDS records for both
> KSK ***and ZSK*** records!
>
> Nothing on my side has been changed although I do run automated
I've just noticed that in the last few days that "BIND 9.16.22 (Extended
Support Version) " appears to be generating CDS records for
both KSK ***and ZSK*** records!
Nothing on my side has been changed although I do run automated updates.
I'm on a Linux machine running Gentoo.
$ dig DNSKEY
3 matches
Mail list logo
