DNSSEC and slaves error

Nick Edwards nick.z.edwards at gmail.com
Thu Mar 8 02:15:59 UTC 2012


On 3/8/12, Nick Edwards <nick.z.edwards at gmail.com> wrote:
> On 3/7/12, Mark Andrews  wrote:
>
>>> resigned it again as about 3 months using:    dnssec-signzone -a -e
>>> +15724800 -K keys/ -N INCREMENT guilty_domain.here
>>
>> You should have fed dnssec-signzone the old signed zone not the unsigned
>> zone.
>>
>> dnssec-signzone -f guilty_domain.here.signed .... -N INCREMENT
>> guilty_domain.here.signed
>>
>
> Thank you Mark, in all of the so called "howto's" I've read, I recall
> none of them mentioning resigning the "signed file".
> I've changed my cheat sheet to reflect that the above is only useful for
> initial signing, and your example for all subsequent signings.
>
> Thanks again.
>

Hrmm, is that really the correct command?

dnssec-signzone -f xxxxxx.org.signed -a -e +15724800 -K keys/ -N INCREMENT xxxxxx.org.signed

fatal: failed loading zone from 'xxxxxxx.org.signed': not at top of zone


