Nothing wrong here. The A RRset will be signed with the new key
when it falls due for re-signing as there is a existing RRSIG using
algorithm 8. The SOA was signed as the DNSKEY was added which
required the SOA to be updated as well.
You can force named to re-sign all the RRsets but there is no
A newly minted ZSK signs a domain's SOA but not its A or MX records.
What basic config step did I miss?
For the domain 'trikids123.com' I created and installed a new ZSK with a
key ID of 28053 using these commands:
dnssec-keygen -a 8 -b 1024 trikids123.com
chown bind:bind * # this is bind910 on
2 matches
Mail list logo
