@lbutlr <krem...@kreme.com> wrote:
>
> I update the last of my zones over a month ago and they are still
> showing alg-7.
>
> I'm sure I missed a step on these specific domains, but there are only a
> handful that are still using alg-7 and many more that are now on alg-13
> only.
Hmm, curious!
If you have swapped the DS records already, then all that is left to do is
remove the remains of the old algorithm. Have a look at the keys for the
problem zones like this:
grep ^ Kexample.com.*.key
The algorithm 7 keys should all have inactive and delete times. If some of
the times are missing then you can fix it by re-doing the "decommission
old algorithm" step in my notes. It should get cleaned up immediately.
https://www.dns.cam.ac.uk/news/2020-01-15-rollover.html
If that doesn't fix it, then the problem is elsewhere...
Tony.
--
f.anthony.n.finch <d...@dotat.at> https://dotat.at/
Forties, Cromarty, Forth: North or northeast 2 to 4. Slight
occasionally moderate. Showers. Good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
