Re: [knot-dns-users] Knot 1.4.0 a retezec duvery.

Hi, I generate keys (KSK and ZSK) in the directory "/var/lib/knot/ajetaci.cz.keys" by dnssec-keygen command: dnssec-keygen -r /dev/urandom -f KSK ajetaci.cz dnssec-keygen -r /dev/urandom ajetaci.cz I set it in the knot.conf: ... ... ajetaci.cz { dnssec-enable on; dnssec-keydir "ajetaci.cz.keys"; file "ajetaci.cz"; xfr-out slave; # allow outgoing transfers notify-out slave; ixfr-from-differences on; semantic-checks on; } ... ... After "knotc reload" knot signs zone as I can see it in the log: Jan 20 07:18:05 celer knot[809]: DNSSEC: Zone ajetaci.cz. - - Key is valid, tag 36256, file Kajetaci.cz.+005+36256.private, KSK, active, public Jan 20 07:18:05 celer knot[809]: DNSSEC: Zone ajetaci.cz. - - Key is valid, tag 11937, file Kajetaci.cz.+005+11937.private, ZSK, active, public Jan 20 07:18:05 celer knot[809]: DNSSEC: Zone ajetaci.cz. - Successfully signed. Jan 20 07:18:05 celer knot[809]: DNSSEC: Zone ajetaci.cz. - planning next resign 2539522s(705h) from now. I put KSK key "Kajetaci.cz.+005+36256.key" to my KEYSET "KS-JOSEF-KARLIAK-BPBG" over my registrar's web administration (web4u.cz). So the key is published too. I hope so. So what I missed ? Thanks and best regards J.Karliak. Cituji Jan Včelák <jan.vcelak(a)nic.cz>cz>: -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.