"auto-dnssec maintain; " and key "missing or inactive and has no replacement"

Tony Finch dot at dotat.at
Fri Jul 26 13:20:26 UTC 2013


On 26 Jul 2013, at 07:52, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Thu, Jul 25, 2013 at 12:05:35AM +0100,
> Tony Finch <dot at dotat.at> wrote 
> a message of 21 lines which said:
> 
>> Does the zone have only one key which is a KSK?
> 
> Yes. I tested with two keys, a KSK and a ZSK and the warning
> disappears. Do you mean it is a spurious warning when there is only
> one key (a CSK, as in co.uk)?

Looks like it, but I only took a brief look at the code to find out where the warning came from. I don't know what the other implications might be, if any...

I think the option you want for a CSK zone is update-check-ksk, but I have not tried it myself.

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/



More information about the bind-users mailing list