Hi!
It seems I do have a problem with DNSSEC policy. DNSSEC for wisser.se is
automatically managed by Knot. If you do a "dig dnskey wisser.se" you will
find a lot of old ZSKs in my zone.
I did some "digging" with the keymgr tool and found the following conf for
all old keys:
algorithm 8
size 2048
flags 256
active -1
retire 0
remove 0
I guess the retire and remove values are the problem. How do I set them for
the old keys? And how do I configure my policy to set them for future keys?
Kind regards
Ulrich
--
Ulrich Wisser
ulrich(a)wisser.se