[knot-dns-users] Re: Why does knot need so much prodding to XFR and sign my zones?

Daniel, here I'm comparing apples and bits of bitter chocolate because a) version 3.2.5 instead of 3.2.0, and b) a much cheaper HSM. I add the zone to the configuration, reload the server, and it works as expected: 2023-02-11T19:12:07+0100 info: [tt10.] zone will be loaded 2023-02-11T19:12:07+0100 info: configuration reloaded 2023-02-11T19:12:07+0100 info: [tt10.] failed to parse zone file ... (not exists) 2023-02-11T19:12:07+0100 info: [tt10.] zone will be bootstrapped 2023-02-11T19:12:07+0100 info: [tt10.] AXFR, incoming, remote ... finished, 0.00 seconds, 1 messages, 449 bytes 2023-02-11T19:12:08+0100 info: [tt10.] DNSSEC, key, tag 34035, algorithm ECDSAP256SHA256, KSK, public, active 2023-02-11T19:12:08+0100 info: [tt10.] DNSSEC, key, tag 29038, algorithm ECDSAP256SHA256, public, active 2023-02-11T19:12:08+0100 info: [tt10.] DNSSEC, signing started 2023-02-11T19:12:11+0100 info: [tt10.] DNSSEC, successfully signed 2023-02-11T19:12:11+0100 info: [tt10.] DNSSEC, next signing at 2023-02-25T18:12:09+0100 2023-02-11T19:12:11+0100 info: [tt10.] zone file updated, serial 4 So, assuming your last test with the Keyper was with 3.2.5 we'll leave this as is until we've been able to upgrade Knot to the latest version. Thank you very much for your help! Best regards, -JP