DNSSEC and slaves error
Nick Edwards
nick.z.edwards at gmail.com
Wed Mar 7 23:43:01 UTC 2012
On 3/7/12, Mark Andrews wrote:
>> resigned it again as about 3 months using: dnssec-signzone -a -e
>> +15724800 -K keys/ -N INCREMENT guilty_domain.here
>
> You should have fed dnssec-signzone the old signed zone not the unsigned
> zone.
>
> dnssec-signzone -f guilty_domain.here.signed .... -N INCREMENT
> guilty_domain.here.signed
>
Thank you Mark, in all of the so called "howto's" I've read, I recall
none of them mentioning resigning the "signed file".
I've changed my cheat sheet to reflect above is only useful for
initial signing, and your example as all subsequent signings
Thanks again.
More information about the bind-users
mailing list