David Newman <dnew...@networktest.com> wrote: > On 7/30/15 10:37 AM, Evan Hunt wrote: > > On Thu, Jul 30, 2015 at 10:30:33AM -0700, David Newman wrote: > >> > >> Hidden primary (not authoritative for this zone): Key still in zone
I think what you mean here is that the hidden primary is not advertised in the zone's NS RRset. (Whether a server is authoritative for a zone or not depends on the server configuration, not the NS RRset.) > Most zones have four authoritative nameservers, only one of which I > manage. Of the three I don't manage, I'm pretty sure at least two have > no DNSSEC-specific configuration -- a hint that any DNSSEC records they > serve come from this hidden primary. The DNSSEC records come from the zone data like any other records. You don't need any special DNSSEC configuration to act as a secondary for a signed zone - it just works. I don't have any particular suggestions for your problem other than checking zone serial numbers and transfer logs carefully. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Viking, North Utsire, West South Utsire: Variable 3 or 4 becoming southerly or southeasterly 4 or 5, occasionally 6 later. Slight or moderate. Showers. Good, occasionally moderate. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users