Hi Bastien,
thank you for clarification.
One more question: you confirmed that re-signing of the zone with `knotc
zone-sign` solved the issue and the same DDNS was appliable afterards.
Could you please find in the output of `kjournalprint durel.org.` the
changeset created at the re-sign, and describe what is there besides all
the RRSIGs re-creation?
Libor
Dne 15.10.19 v 23:31 Bastien Durel napsal(a):
On 15/10/2019 18:29, libor.peltan wrote:
Hi Bastien,
could you please detail on how did the DDNSes roughly look like? For
example, if they contained adding/removing NSEC3 records or their
RRSIGs?
Thanks,
Hello
The DDNSes I use are ACME-related, so I have insertions, like this :
server 10.42.42.21
zone
geekwu.org.
origin
geekwu.org.
ttl 600
add
_acme-challenge.foo.durel.org. 600 in TXT "bar"
send
quit
or deletions, that are the same format (script generated)
All message are then sent by knsupdate -k /path/to/key $file
Regards,