dnssec-signzone ignoring "-x" option?

Paul Wouters paul at cypherpunks.ca
Tue Sep 18 17:30:32 UTC 2012

On Mon, 17 Sep 2012, Evan Hunt wrote:

>> Does anyone use dnssec-signzone with -x? If so, can you check/tell me
>> your DNSKEY RRset?

> I just tested it with "dnssec-signzone -Sx example.com" and
> "dnssec-signzone -x example.com", on 9.9.2 and 9.7.4, and it worked
> as expected in all cases.
> Were you signing your zone from scratch, or re-signing a zone that
> was already signed?  If there was a pre-existing ZSK signature,
> the signing process might have left it in place.

Bingo. That was the problem.



More information about the bind-users mailing list