i did generate
keying as i would when signing a primary zone
     # keymgr sld.tld generate algorithm=rsasha256 ksk=yes zsk=yes
     7a618eaf94ea1d903233cb547faa24bae8cb49a5
     # knotc zone-reload sld.tld
     OK 
 After generating any keys you would need "knotc reload" I believe
 (instead of zone-reload). 
 
tried too.  but point taken, recipe changed.
  Please send the error message you got if this does not help.
<doh>  sorry not to have done that.
    2024-03-20T17:46:02.762674+00:00 rip knotd[3445]: error: [sld.tld.] DNSSEC, no keys are available
    2024-03-20T17:46:02.763850+00:00 rip knotd[3445]: error: [sld.tld.] DNSSEC, failed to load keys (no keys for signing)
    2024-03-20T17:46:02.764434+00:00 rip knotd[3445]: error: [sld.tld.] zone event 're-sign' failed (no keys for signing)
randy