By the way, a similar problem occurs in 9.6.2-p1. According to the changelog, support for RSA/SHA-256 (algorithm number 8 in DNSSEC-related records) was backported into 9.6.2 from 9.7 (and indeed, 9.6.2 has no problems with the TLDs recently signed with keys using RSA/SHA-256).

However, after upgrading to 9.6.2-p1, these very records are rejected by the nameserver:

29-Mar-2010 09:33:59.371 config: error: itar.key:3: configuring trusted key for 'ARPA.': algorithm is unsupported

Evidently, the RSA/SHA-256 support was removed from p1, but why? (... accident?).

Daniel Ryslink

On Tue, 30 Mar 2010, Kevin Darcy wrote:

On 3/30/2010 3:53 PM, Markus Feldmann wrote:
Hi All,

I tried to reload my config and zones with rndc. My BIND version is BIND 9.5.1-P3. My rndc.key looks like this.
key feld-server.feldland.lan. {
    algorithm HMAC-MD5.SIG-ALG.REG.INT;
    secret TNCrihQV8NjY6bzA5GMJIg==;
};

This is what I also got from creating the sig-key. I still included this key into my named.conf and into dhcpd.conf.

But I get this message.
rndc: unsupported algorithm: HMAC-MD5.SIG-ALG.REG.INT

What is the problem?


AFAIK, the only algorithm supported by rndc is "hmac-md5".

- Kevin

P.S. Why would you copy an rndc key into dhcpd.conf?

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
