Hello, I have a multiple server ispc 3.2.7p1 I have an issue when signing my zone. I switch to DEBUG mode. When signing it says : Code: safe_exec cmd: cd '/etc/bind'; named-checkzone 'mydom.fr' '/etc/bind/pri.mydom.fr' | egrep -ho '[0-9]{10}' - return code: 0 dnssec-signzone: fatal: 'mydom.fr': found DS RRset without NS RRset When looking at my zone /etc/bind/pri.mydom.fr Code: $TTL 3600 @ IN SOA ns1.server.fr. hostmaster.mydom.fr. ( 2022041211 ; serial, todays date + todays serial # 14400 ; refresh, seconds 3600 ; retry, seconds 604800 ; expire, seconds 3600 ) ; minimum, seconds ; mydom.fr. 3600 A x.x.x.x www 3600 A x.x.x.x mydom.fr. 3600 AAAA y:y:y:y::1 www 3600 AAAA y:y:y:y::1 mydom.fr. 3600 CAA 0 issue "letsencrypt.org" mydom.fr. 3600 DS 2946 13 2 5E5BF53C0-cut-5AC8CE94CD2D2F2CE7C619 EE4117 mydom.fr. 3600 MX 0 mail1.server.fr. mydom.fr. 3600 NS ns1.server.fr. mydom.fr. 3600 NS ns2.server.fr. mykey._domainkey.mydom.fr. 3600 TXT "v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEF-cut-41L3Chv6L/mUA3qI5WdVPv fTP/+AJbUJsVGaaHqLQIDAQAB" mydom.fr. 3600 TXT "v=spf1 mx a -all" _dmarc.mydom.fr. 3600 TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0:1:d:s; adkim=s; aspf=s" $INCLUDE Kmydom.fr.+013+02946.key $INCLUDE Kmydom.fr.+013+23638.key so that I am worried ! thanks for your help
DS records belong in the parent zone, ie. mydom.fr. DS record belongs in the fr. zone. You probably need to add it via your domain registrar.
