"auto-dnssec maintain; " and key "missing or inactive and has no replacement"
dot at dotat.at
Fri Jul 26 13:20:26 UTC 2013
On 26 Jul 2013, at 07:52, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Thu, Jul 25, 2013 at 12:05:35AM +0100,
> Tony Finch <dot at dotat.at> wrote
> a message of 21 lines which said:
>> Does the zone have only one key which is a KSK?
> Yes. I tested with two keys, a KSK and a ZSK and the warning
> disappears. Do you mean it is a spurious warning when there is only
> one key (a CSK, as in co.uk)?
Looks like it, but I only took a brief look at the code to find out where the warning came from. I don't know what the other implications might be, if any...
I think the option you want for a CSK zone is update-check-ksk, but I have not tried it myself.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
More information about the bind-users