On Mon, 2019-10-14 at 17:56 +0200, Pieter Lexis wrote:

> I spotted something that *might* be root of your issue (and perhaps a
> small bug on our end).

I think you've spotted the problem. I was running:

$ pdnsutil add-zone-key parsemail.org zsk 1024 active rsasha1

Which was creating a new ZSK with an algorithm of 5, when the old KSK
and ZSK were both algorithm 7 in the db.

When I appended "-nsec3-sha1" to the algorithm arg, it started working
fine:

$ pdnsutil add-zone-key parsemail.org zsk 1024 active rsasha1-nsec3-sha1

Not sure if this was my mistake, or a bug in the program, or a
combination, but FWIW, the reason I used "rsasha1" as my argument
instead of "rsasha1-nsec3-sha1" was because I felt like that was what
the help output was telling me to do:

root@ned:~# pdnsutil add-zone-key help
Oct 15 08:17:55 Reading random entropy from '/dev/urandom'
Syntax: pdnsutil add-zone-key ZONE zsk|ksk [BITS] [active|inactive] [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]
root@ned:~# 

Thanks for your help,

Mike
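
The mismatch described in the message above (a new key requested as "rsasha1", algorithm 5, in a zone whose keys are algorithm 7) can be caught before the key is added. The following is an added example, not part of the original message and not PowerDNS code. It assumes the zone's current DNSKEY records are available in presentation format (for example as printed by dig); the key data in the sample is a constructed placeholder and the function names are hypothetical.

```python
# Added example: pre-flight check before adding a DNSSEC key to a signed zone.
# IANA DNSSEC algorithm numbers for the mnemonics mentioned in the thread.
ALGORITHMS = {
    "rsasha1": 5,
    "rsasha1-nsec3-sha1": 7,
    "rsasha256": 8,
    "rsasha512": 10,
    "gost": 12,
    "ecdsa256": 13,
    "ecdsa384": 14,
}
NAMES = {num: name for name, num in ALGORITHMS.items()}

# Constructed sample: a KSK (flags 257) and a ZSK (flags 256), both algorithm 7.
SAMPLE_DNSKEYS = """\
; constructed records, key material is a placeholder
parsemail.org. 3600 IN DNSKEY 257 3 7 AwEAAcPLACEHOLDERksk=
parsemail.org. 3600 IN DNSKEY 256 3 7 AwEAAcPLACEHOLDERzsk=
"""

def existing_algorithms(dnskey_text):
    """Return {algorithm number: [flags, ...]} for every DNSKEY record found."""
    found = {}
    for line in dnskey_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        if len(fields) < i + 4:                   # need flags, protocol, algorithm
            continue
        flags, _protocol, alg = (int(x) for x in fields[i + 1:i + 4])
        found.setdefault(alg, []).append(flags)
    return found

def check_new_key(dnskey_text, mnemonic):
    """Return (ok, message): does the requested mnemonic match the zone's keys?"""
    wanted = ALGORITHMS.get(mnemonic.lower())
    if wanted is None:
        return False, f"unknown algorithm mnemonic {mnemonic!r}"
    present = existing_algorithms(dnskey_text)
    if not present or wanted in present:
        return True, f"{mnemonic} (algorithm {wanted}) matches the zone"
    have = ", ".join(f"{NAMES.get(a, '?')} ({a})" for a in sorted(present))
    return False, f"{mnemonic} is algorithm {wanted}, zone keys use {have}"

if __name__ == "__main__":
    for arg in ("rsasha1", "rsasha1-nsec3-sha1"):
        print(check_new_key(SAMPLE_DNSKEYS, arg))
```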


_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
