20 Bře
2024
20 Bře
'24
19:20
Hi Randy,
I cannot reproduce your problem. What does `keymgr sld.tld list` say?
Daniel
On 3/20/24 18:53, Randy Bush wrote:
tried too. but point taked, recipe changed.
i did generate keying as i would when signing a
primary zone
# keymgr sld.tld generate algorithm=rsasha256 ksk=yes zsk=yes
7a618eaf94ea1d903233cb547faa24bae8cb49a5
# knotc zone-reload sld.tld
OK
After generating any keys you would need "knotc reload" I believe
(instead of zone-reload). Please send the error message you got if this
does not help.
<doh> sorry not to have done that.
2024-03-20T17:46:02.762674+00:00 rip knotd[3445]: error: [sld.tld.] DNSSEC, no keys
are available
2024-03-20T17:46:02.763850+00:00 rip knotd[3445]: error: [sld.tld.] DNSSEC, failed
to load keys (no keys for signing)
2024-03-20T17:46:02.764434+00:00 rip knotd[3445]: error: [sld.tld.] zone event
're-sign' failed (no keys for signing)
randy
--