Hello Daniel,

we had to use Knot 2.2 because of OpenSuse 42.1.

Anyway I found my mistake - I used not existing policy while adding a key "...... policy none " :

keymgr zone add domena.cz policy none -> keymgr zone add domena.cz policy default

Now all is fine.

Thanks and best regards

J.Karliak

Dne 29.9.2017 v 16:20 Daniel Salzman napsal(a):

Hello Josef,

Please migrate to a newer version of Knot (2.6.0 or 2.5.5) as with this version
it is much easier to configure DNSSEC signing without manual keymgr assistance.
To be honest, I'm no longer able to use such an old version of Knot :-)

Regards,
Daniel

On 09/29/2017 09:39 AM, josef Karliak wrote:
Hi,
  I maybe missed something. I created kasp direcotry, added knot as a owner.
  In the kasp directory (/var/lib/knot/kasp) runned commands:
keymgr init
keymgr zone add domena.cz policy none
keymgr zone key generate domena.cz algorithm rsasha256 size 2048 ksk

Cannot retrieve policy from KASP (not found).

  Did I missed something ?
  Thanks and best regards
  J.Karliak
-- 
Bc. Josef Karliak 
Správa sítě a elektronické pošty
Fakultní nemocnice Hradec Králové
Odbor výpočetních systémů
Sokolská 581, 500 05 Hradec Králové
Tel.: +420 495 833 931, Mob.: +420 724 235 654
e-mail: josef.karliak@fnhk.cz, http://www.fnhk.cz  
_______________________________________________
knot-dns-users mailing list
knot-dns-users@lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users

-- 
Bc. Josef Karliak 
Správa sítě a elektronické pošty
Fakultní nemocnice Hradec Králové
Odbor výpočetních systémů
Sokolská 581, 500 05 Hradec Králové
Tel.: +420 495 833 931, Mob.: +420 724 235 654
e-mail: josef.karliak@fnhk.cz, http://www.fnhk.cz