On Thu, Jul 9, 2020 at 6:44 AM Daniel Stirnimann <daniel.stirnim...@switch.ch> wrote:
>
> On 09.07.20 11:51, Klaus Darilion wrote:
> >>> So, how is the correct process to add an additional DNSKEY (only the
> >>> public key is known).
> >>
> >> I think you are looking for `dnssec-importkey`.
> >
> > Indeed. I imported the key and got a .key and .private file. I put those
> > files in the same directory as the other keys, gave read permissions to
> > bind and executed:
> > rndc loadkeys myzone
> > rndc sign myzone
> >
> > But the additional key is not added to the response of DNSKEY queries.
>
> Does the key have correct timing metadata in the key file?
>
> Have a look at "dnssec-settime".
>

You can also set the timing metadata with dnssec-importkey itself (so that you don't have to separately run dnssec-settime), e.g. to activate key 5 minutes from now:

    dnssec-importkey -P +5mi -K Kexample.com.+013+23941.key

Shumon.
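A check for the timing metadata discussed in this thread, as an added example that is not part of any poster's message: it reads the Publish and Delete comment lines from a .key file and reports where the current time falls relative to them. The function names, the sample file and its placeholder key data are constructed, and the `; Publish: YYYYMMDDHHMMSS (...)` comment layout with UTC times is assumed to match what the BIND key tools write.

```shell
#!/bin/sh
# Added example: inspect the timing metadata comments in a BIND .key file.
# Assumption: lines look like "; Publish: 20200709104900 (...)", times in UTC.

# key_meta FILE FIELD -> prints the 14-digit timestamp, or nothing if unset
key_meta() {
    sed -n "s/^; $2: \([0-9]\{14\}\).*/\1/p" "$1" | head -n 1
}

# key_publish_state FILE [NOW] -> prints one of:
#   no-publish-time | not-yet-published | published | deleted
key_publish_state() {
    file=$1
    now=${2:-$(date -u +%Y%m%d%H%M%S)}
    pub=$(key_meta "$file" Publish)
    del=$(key_meta "$file" Delete)
    if [ -z "$pub" ]; then
        echo no-publish-time          # no Publish line in the file at all
    elif [ "$now" -lt "$pub" ]; then
        echo not-yet-published        # Publish time is still in the future
    elif [ -n "$del" ] && [ "$now" -ge "$del" ]; then
        echo deleted                  # Delete time has already passed
    else
        echo published
    fi
}

# write_sample_key PUBLISH -> writes a constructed key file, prints its path.
# An empty PUBLISH omits the Publish line; the key data is a placeholder.
write_sample_key() {
    f=$(mktemp)
    {
        echo "; This is a key-signing key, keyid 23941, for example.com."
        echo "; Created: 20200709104400 (constructed)"
        if [ -n "$1" ]; then echo "; Publish: $1 (constructed)"; fi
        echo "example.com. IN DNSKEY 257 3 13 PLACEHOLDERKEYDATA=="
    } > "$f"
    echo "$f"
}

# Stand-alone use: pass a key file path, or run with no argument for the demo.
if [ $# -gt 0 ]; then
    key_publish_state "$1"
else
    demo=$(write_sample_key "")       # constructed file without a Publish line
    key_publish_state "$demo"
    rm -f "$demo"
fi
```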
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users