Bastien Durel <bast...@durel.org> writes: > > could you please have a deeper look into the history of the zone in > > the log file (or share it) ? There should be the answer hidden > > somewhere...
FYI, I hit this exact same problem recently. One of my zones stopped signing because the KSK was marked as not active. I used the same solution to redeploy it. And it only happened with one zone. You can see the effects in this graph showing that all the other zones kept resigning on a regular basis but one had a slow downward trend toward expiring (which I caught 4 days out): https://capturedonearth.com/temp/dnssec-days-remaining.png Note that I also had a power failure a few days before (on the night of the 4th/5th). I have a hard time seeing why it would be related but in theory I supposed it could be. -- Wes Hardaker --
