Re: dnssec: ds showing hidden 3+ days after key roll

2022-02-10 Thread Larry Rosenman via bind-users
On 02/10/2022 10:10 am, Matthijs Mekking wrote: Hi, There are several things wrong here. The gist of it is that there is no valid ZSK and since the zone is not properly signed, BIND does not want to publish the DS record (even if outside BIND you already published the DS). You can tell that

Re: dnssec: ds showing hidden 3+ days after key roll

2022-02-10 Thread Matthijs Mekking
Hi, There are several things wrong here. The gist of it is that there is no valid ZSK and since the zone is not properly signed, BIND does not want to publish the DS record (even if outside BIND you already published the DS). You can tell that BIND does not agree because it did not publish

Re: dnssec: ds showing hidden 3+ days after key roll

2022-02-10 Thread Larry Rosenman
version: bind9-devel-9.17.18.a0.2021.10.08 Debug logs from yesterday for this zone (none in today's log): <183>1 2022-02-09T02:18:28.587884-06:00 thebighonker.lerctr.org named 44101 - - 09-Feb-2022 02:18:28.587 dnssec: debug 1: keymgr: keyring: lerctr.org/RSASHA256/8385 (policy ler1) <183>1

Re: dnssec: ds showing hidden 3+ days after key roll

2022-02-10 Thread Matthijs Mekking
Hi Larry, There have been several bug fixes for dnssec-policy since its introduction. What version of 9.17 are you running? I can't tell what causes the ds to stay in the hidden state. The timings in the state file should allow it to move to the next state. If you were able to turn on