Hi Mike,
On 10/15/19 9:23 AM, Mike Cardwell wrote:
> I think you've spotted the problem. I was running:
>
> $ pdnsutil add-zone-key parsemail.org zsk 1024 active rsasha1
>
> Which was creating a new ZSK with an algorithm of 5, when the old KSK
> and ZSK were both algorithm 7 in the db.
Right, so
On Mon, 2019-10-14 at 17:56 +0200, Pieter Lexis wrote:
> I spotted something that *might* be root of your issue (and perhaps a
> small bug on our end).
I think you've spotted the problem. I was running:
$ pdnsutil add-zone-key parsemail.org zsk 1024 active rsasha1
Which was creating a new ZSK w
Hi Mike,
I spotted something that *might* be root of your issue (and perhaps a
small bug on our end).
On 10/14/19 9:54 AM, Mike Cardwell wrote:
> root@ned:~# pdnsutil add-zone-key parsemail.org zsk 1024 active rsasha1
> Added a ZSK with algorithm = 5, active=1
> Requested specific key size of 102
On Mon, 2019-10-14 at 10:57 +0200, Gert van Dijk wrote:
> On Mon, Oct 14, 2019 at 9:54 AM Mike Cardwell
> wrote:
> > I'm looking into migrating from Bind9 to PowerDNS. [...]
>
> Have you seen the instructions on how to perform a ZSK rollover [1]?
> I
> don't see that you invoke the {activate,deac
On Mon, 2019-10-14 at 10:57 +0200, Gert van Dijk wrote:
> On Mon, Oct 14, 2019 at 9:54 AM Mike Cardwell
> wrote:
> > I'm looking into migrating from Bind9 to PowerDNS. [...]
>
> Have you seen the instructions on how to perform a ZSK rollover [1]?
> I
> don't see that you invoke the {activate,deac
On Mon, Oct 14, 2019 at 9:54 AM Mike Cardwell
wrote:
>
> I'm looking into migrating from Bind9 to PowerDNS. [...]
Have you seen the instructions on how to perform a ZSK rollover [1]? I
don't see that you invoke the {activate,deactivate}-zone-key or the
soa serial number update. (Not sure if you n
On Mon, 2019-10-14 at 08:54 +0100, Mike Cardwell wrote:
> As you can see above I now have 2 ZSKs and 2 RRSIGs with each lookup.
> But when I go to remove the old ZSK:
>
> root@ned:~# pdnsutil remove-zone-key parsemail.org 2
> root@ned:~# pdnsutil list-keys
I did a bad paste in my last email. I q
I'm looking into migrating from Bind9 to PowerDNS. Although I've not
changed nameservers on the domain yet, I've imported my zone file,
imported my existing KSK and ZSK and that works fine:
root@ned:~# pdnsutil list-keys
Zone TypeSizeAlgorithmID Locatio
n
