Hi Carsten,
This is too little information to figure out what is going on.
Can you share (offline if you wish) the output of 'rndc dnssec -status
'?
Can you share the contents of the ".state" files for the given zone?
And can you enable debug logs (level 3) (I am particularly the "keymgr"
Hi,
I have a situation where in a BIND 9 zone with dnssec-policy and
inline-signing, after a ZSK rollover, the (old) ZSK is refusing to retire.
Although the timing metadata shows the retire and deletion dates in the past,
the ZSK is still in the zone and is signing the records (along with the
2 matches
Mail list logo
