auto-dnssec sanity check (please)

Jim Popovitch jimpop at gmail.com
Thu Oct 1 15:06:20 UTC 2015


Hello,

I recently rollled out auto-dnssec and inline-signing (v9.9.5), and
today (1-Oct 00:00 UTC) was the first automatic zsk rollover.
According to http://dnsviz.net/d/domainmail.org/dnssec/ it appears
that the SOA is signed by the new zsk, but the rest of the RRs are
still signed by the old.  That concerns me.   Is it as simple as
cached responses?


-Jim P.


More information about the bind-users mailing list