dnssec-signzone ignoring "-x" option?
each at isc.org
Mon Sep 17 21:54:22 UTC 2012
> Does anyone use dnssec-signzone with -x? If so, can you check/tell me
> your DNSKEY RRset? And if it works, could you reveal the full
> commandline argument used, the bind version, and whether any pkcs#11
> provider was compiled in?
I just tested it with "dnssec-signzone -Sx example.com" and
"dnssec-signzone -x example.com", on 9.9.2 and 9.7.4, and it worked
as expected in all cases.
Were you signing your zone from scratch, or re-signing a zone that
was already signed? If there was a pre-existing ZSK signature,
the signing process might have left it in place.
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.
More information about the bind-users