"@lbutlr" <krem...@kreme.com> writes: > # dnssec-keygen -a 13 example,com > # dnssec-keygen -f KSK -a 13 example,com > > Add $INLCUDE to the zone file for each of these 4 keys.
4? You've generated 2 key pairs. There should be only 2 public keys included in the zone. > dnssec-signzone: warning: keys/Kexample.com.+013+55923.private:1: unknown RR > type 'v1.3' Right. Don't publish anything named "private" in the zone file... But I can recommend the automated zone maintenance instead, either using the modern "dnssec-policy": https://bind9.readthedocs.io/en/latest/dnssec-guide.html#enabling-automated-dnssec-zone-maintenance-and-key-generation or the older "auto-dnssec maintain". There's no need for any of the manual steps you are doing. Bjørn -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users