On 8/18/16 1:29 PM, Jim Fenton wrote:
> The extra DNSKEY records were not present in the zone file of the master
> server, so I reinitiated a zone transfer and this did not help. I
> checked the signed zone file on the master with named-checkzone and only
> the desired DNSKEY records were there.

Had your slaves done a successful zone transfer of the newly signed data? How did you check to see that the DNSKEYs were actually there?

Remember that the text versions of the zone files on slaves are only updated about every 15 minutes, so you may have been looking at "stale" data that was only in the human readable version. If you did a "dig @127.0.0.1 zone DNSKEY" while logged into the slave, you would know for certain what was being served.

AlanC
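
An added example, not part of the original message: one way to compare what the master and a slave actually serve, assuming the output of `dig +noall +answer @server zone DNSKEY` has been saved from each. The sample answers and their 3-byte keys are constructed for illustration; the key tag follows RFC 4034 Appendix B.

```python
import base64
import struct

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """RFC 4034 Appendix B key tag (not valid for algorithm 1, RSA/MD5)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskeys(answer_text):
    """Return {(flags, protocol, algorithm, pubkey): key_tag} from dig answer lines."""
    keys = {}
    for line in answer_text.splitlines():
        fields = line.split()
        if line.startswith(";") or "DNSKEY" not in fields:
            continue
        idx = fields.index("DNSKEY")
        flags, protocol, algorithm = (int(x) for x in fields[idx + 1:idx + 4])
        # dig may split long base64 key data into several space-separated chunks
        pubkey = "".join(fields[idx + 4:])
        keys[(flags, protocol, algorithm, pubkey)] = key_tag(flags, protocol, algorithm, pubkey)
    return keys

def compare_served_keys(master_text, slave_text):
    """Key tags served by only one of the two servers."""
    master, slave = parse_dnskeys(master_text), parse_dnskeys(slave_text)
    return {
        "only_on_slave": sorted(slave[k] for k in slave.keys() - master.keys()),
        "only_on_master": sorted(master[k] for k in master.keys() - slave.keys()),
    }

# Constructed sample answers (toy keys, hypothetical zone name).
MASTER_ANSWER = """\
example.com. 3600 IN DNSKEY 257 3 8 AQID
example.com. 3600 IN DNSKEY 256 3 8 BAUG
"""
SLAVE_ANSWER = MASTER_ANSWER + "example.com. 3600 IN DNSKEY 256 3 8 BwgJ\n"

if __name__ == "__main__":
    print(compare_served_keys(MASTER_ANSWER, SLAVE_ANSWER))
```

A non-empty "only_on_slave" list means the slave is serving DNSKEY records that the master is not, regardless of what the slave's text zone file shows.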