Hi Larry,
Without more information it is hard to tell what is going on.
Can you share your dnssec-policy and the contents of the key state file?
And if you have useful logs (grep for keymgr) that would be handy too to
see what is going on.
If you prefer to share them off list, you can mail them me directly.
Best regards,
Matthijs
On 08-02-2022 18:00, Larry Rosenman wrote:
Greetings,
new poster. I just converted over to DNSSEC-policy, and rolled my
KSK. I see:
key: 269 (RSASHA256), KSK
published: yes - since Sun Feb 6 14:31:32 2022
key signing: yes - since Sun Feb 6 14:31:32 2022
No rollover scheduled
- goal: omnipresent
- dnskey: omnipresent
- ds: hidden
- key rrsig: omnipresent
ler in thebighonker in namedb🔒 on master [!] as 🧙
❯
Is it normal to see the ds as hidden? It IS published, and I told rndc
that.
Any insight appreciated.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
