Thanks. rm'd the file and added the timers. (I did that also after sending, so it is the deleting the old file that did the trick.) The start-up lines look good.
Got an AD bit again too. (I may have a few more issues as I move this off a laptop on to a regular machine. Right now it helps knowing where the loose bits are stored.) On 4/20/15, 15:12, "Evan Hunt" <e...@isc.org> wrote: >On Mon, Apr 20, 2015 at 06:42:42PM +0000, Edward Lewis wrote: >> Being that I'm working on a laptop (hence on on over the weekend) I've >>had >> to recreate the environment today. I'm a bit more puzzled now. > >There's a separate file that named creates to keep the current >managed keys state information -- it's based on the view name, >so in your case it'll be "recursive.mkeys" (and possibly >"recursive.mkeys.jnl"). I suspect it still has the key from >Friday in it, and that's messing things up. Delete that file and >reinitialize, then leave the server up and running (not forgetting >to use -T mkeytimers=H/D/M, where M is no more than 3600 seconds, >because keyroll.systems rolls its keys every hour and normal RFC >5011 processing can't handle that), and you should be in good shape. > >-- >Evan Hunt -- e...@isc.org >Internet Systems Consortium, Inc.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
