do not stupidly delete ZSK files
dot at dotat.at
Fri Jul 31 11:33:26 UTC 2015
David Newman <dnewman at networktest.com> wrote:
> On 7/30/15 10:37 AM, Evan Hunt wrote:
> > On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote:
> >> Hidden primary (not authoritative for this zone): Key still in zone

I think what you mean here is that the hidden primary is not advertised in
the zone's NS RRset. (Whether a server is authoritative for a zone or not
depends on the server configuration, not the NS RRset.)

> Most zones have four authoritative nameservers, only one of which I
> manage. Of the three I don't manage, I'm pretty sure at least two have
> no DNSSEC-specific configuration -- a hint that any DNSSEC records they
> serve come from this hidden primary.

The DNSSEC records come from the zone data like any other records. You
don't need any special DNSSEC configuration to act as a secondary for a
signed zone - it just works.

I don't have any particular suggestions for your problem other than
checking zone serial numbers and transfer logs carefully.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Viking, North Utsire, West South Utsire: Variable 3 or 4 becoming southerly or
southeasterly 4 or 5, occasionally 6 later. Slight or moderate. Showers. Good,
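
One way to carry out the serial check suggested in the message above, as an added example that is not part of the original post: it compares the SOA serial each server returns against the hidden primary using RFC 1982 serial arithmetic, so a secondary that missed a transfer (and still serves old DNSKEY data) stands out. The server names and SOA lines are constructed, in the format printed by `dig +short SOA`.

```python
# Added example: find secondaries whose SOA serial lags the hidden primary.
# All server names and SOA lines below are constructed sample data.

MOD = 1 << 32    # SOA serials are 32-bit and wrap around
HALF = 1 << 31


def serial_cmp(a, b):
    """RFC 1982 comparison: -1 if a is older than b, 0 if equal, 1 if newer."""
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        # RFC 1982 leaves the ordering undefined when serials are 2^31 apart.
        raise ValueError(f"serials {a} and {b} are not comparable")
    return -1 if diff < HALF else 1


def parse_short_soa(line):
    """Return the serial from a 'dig +short SOA' style line (7 fields)."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"not a SOA rdata line: {line!r}")
    return int(fields[2])


def lagging(primary, observations):
    """Map each server serving an older serial than the primary to that serial."""
    ref = parse_short_soa(observations[primary])
    stale = {}
    for server, line in observations.items():
        serial = parse_short_soa(line)
        if serial_cmp(serial, ref) < 0:
            stale[server] = serial
    return stale


# Constructed observations: one SOA answer per server for the same zone.
SOA_TAIL = " 3600 900 604800 86400"
SAMPLE = {
    "hidden-primary.example.net.": "ns0.example.net. hostmaster.example.net. 2015073102" + SOA_TAIL,
    "ns1.example.net.": "ns0.example.net. hostmaster.example.net. 2015073102" + SOA_TAIL,
    "ns2.example.org.": "ns0.example.net. hostmaster.example.net. 2015073001" + SOA_TAIL,
    "ns3.example.com.": "ns0.example.net. hostmaster.example.net. 2015073102" + SOA_TAIL,
}

if __name__ == "__main__":
    for server, serial in lagging("hidden-primary.example.net.", SAMPLE).items():
        print(f"{server} is behind the primary (serial {serial}); check its transfer log")
```

A server reported here is the one whose transfer logs are worth reading first.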
More information about the bind-users