[Pdns-users] Slaves do not return RRSIGs when DO flag is set
Leon Weber
leon at leonweber.de
Tue Aug 5 19:53:13 UTC 2014
On 05.08.2014 17:52:05, Julian K. wrote:
> Aug 5 17:11:08 h1988784 pdns[12055]: Domain 'ssl-tools.net' is
> fresh (not presigned, no RRSIG check)
There’s your problem: not presigned. You need to set them “presigned”
so that pdns knows they’re signed and that it needs to send rrsig
records. To do this, you’ll need to run
pdnssec set-presigned zone
See [1] for documentation.
-- Leon.
[1] <http://doc.powerdns.com/html/dnssec-migration.html#dnssec-dnssec-migration-presigned>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140805/1542055c/attachment-0001.sig>
More information about the Pdns-users
mailing list