DNSSEC and slaves error

Nick Edwards nick.z.edwards at gmail.com
Wed Mar 7 23:43:01 UTC 2012


On 3/7/12, Mark Andrews wrote:

>> resigned it again as about 3 months using:    dnssec-signzone -a -e
>> +15724800 -K keys/ -N INCREMENT guilty_domain.here
>
> You should have fed dnssec-signzone the old signed zone not the unsigned
> zone.
>
> dnssec-signzone -f guilty_domain.here.signed .... -N INCREMENT
> guilty_domain.here.signed
>

Thank you Mark. In all of the so-called "howto's" I've read, I recall
none of them mentioning re-signing the "signed file".
I've changed my cheat sheet to reflect that the above is only useful for
initial signing, and your example is for all subsequent signings.

Thanks again.



More information about the bind-users mailing list