On 2022 Apr 10, at 05:37, Bjørn Mork <bj...@mork.no> wrote: > "@lbutlr" <krem...@kreme.com> writes: > >> # dnssec-keygen -a 13 example,com >> # dnssec-keygen -f KSK -a 13 example,com >> >> Add $INLCUDE to the zone file for each of these 4 keys. > > 4? You've generated 2 key pairs. There should be only 2 public keys > included in the zone.
Ah, right, of course. I knew it was something dumb. > But I can recommend the automated zone maintenance instead, either using > the modern "dnssec-policy": I do have that set, but getting the domain setup in the first place seemed to still be necessary. Now to find the DS key... -- "He has never been known to use a word that might send a reader to the dictionary." - William Faulkner (about Ernest Hemingway). -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users