DNSSEC and NSEC missing ZSK?

at lbutlr at lbutlr
Tue Feb 9 12:17:56 UTC 2021

On 08 Feb 2021, at 11:10, @lbutlr <kremels at kreme.com> wrote:
> That recreates the .signed.jnl and not the .signed file. No errors are reported.

Well, I have finally gotten the test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VERY angry and basically says the zone is entirely garbage. I am hoping this is a propagation issue, but I kind of doubt it since it should be querying the authoritative DNS for the DNSKEY and RRSIG and such, I'd think.

I'll give it a couple of days and see where I am there before I try to move any domains that are actually used.

Thanks everyone for prods and hints along this path.

When and where does this "real world" occur?!

More information about the bind-users mailing list