dnssec-signzone ignoring "-x" option?

Evan Hunt each at isc.org
Mon Sep 17 21:54:22 UTC 2012

> Does anyone use dnssec-signzone with -x? If so, can you check/tell me
> your DNSKEY RRset? And if it works, could you reveal the full
> commandline argument used, the bind version, and whether any pkcs#11
> provider was compiled in?

I just tested it with "dnssec-signzone -Sx example.com" and
"dnssec-signzone -x example.com", on 9.9.2 and 9.7.4, and it worked
as expected in all cases.

Were you signing your zone from scratch, or re-signing a zone that
was already signed?  If there was a pre-existing ZSK signature,
the signing process might have left it in place.

Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.

More information about the bind-users mailing list