Cannot import keys into dnssec-policy
Bagas Sanjaya
bagasdotme at gmail.com
Wed Apr 9 07:29:42 UTC 2025
On Tue, Apr 08, 2025 at 07:38:44AM -0500, Matthijs Mekking wrote:
> This time I was able to reproduce, thanks.
>
> The reason why the key created by dnssec-keygen is retired because named
> thinks it was in use already. When there is key timing metadata, the key is
> considered to be in use (now or in the past).
>
> Only not previously used keys are considered as a successor in key
> rollovers.
>
> Try generating the key with dnssec-keygen -G. This will create a key without
> setting timing metadata.
Indeed it solves the problem. Thanks!
>
> I will update the documentation accordingly.
Both in KB and dnssec guide in BIND ARM?
--
An old man doll... just what I always wanted! - Clara
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20250409/7f0e7e74/attachment.sig>
More information about the bind-users
mailing list