Hopefully this is a "duh" moment that I'm having. I am testing out what happens
when you have set the ZSK inactive and delete times and then try to sign the
zone via a rndc reload zonename command (using static zone file with inline
signing).
We have 3 keys as listed below:
KSK - 63406
ZSK - 1
On Dec 1 2011, McConville, Kevin wrote:
Hopefully this is a "duh" moment that I'm having. I am testing out what
happens when you have set the ZSK inactive and delete times and then try
to sign the zone via a rndc reload zonename command (using static zone
file with inline signing).
We have 3 ke
On Thu, 1 Dec 2011, Chris Thompson wrote:
I think that because you have told it to inactivate and indeed delete both
ZSKs, in desperation it has signed the whole zone with the the only remaining
key, even though it has the SEP bit set.
The SEP bit does not mean "do not sign zone data". It mean
3 matches
Mail list logo
