[dns-operations] Problem with BIND 9.9.5 and automatic ZSK rollover?
Sebastian Wiesinger
dns-operations at ml.karotte.org
Tue Jun 10 12:01:58 UTC 2014
* Sebastian Wiesinger <dns-operations at ml.karotte.org> [2014-06-10 12:01]:
> I tried to rollover the ZSK from keyid 38946 to keyid 50205 without
> double-signing (deactivate old key and activate the new one at the
> same time). The metadata for the keys is:
Okay, after using 'rndc sign karotte.org' the zone is now signed by
both the new and the old key. :/ So double the size of the zone. It
seems to me that the key rollover without double signing is not really
working with BIND 9.9.5.
Regards
Sebastian
--
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
More information about the dns-operations
mailing list