On Apr 6 2010, Daniel Ryslink wrote:
> By the way, a similar problem occurs in 9.6.2-p1. According to the changelog,
> support for RSA/SHA-256 (algorithm number 8 in dnssec-related
> records) was backported into 9.6.2 from 9.7 (and indeed, 9.6.2 has no
> problems with the TLDs recently signed with keys using RSA/SHA-256).
> However, after upgrading to 9.6.2-p1, these very records are rejected by
> the nameserver:
> 29-Mar-2010 09:33:59.371 config: error: itar.key:3: configuring trusted
> key for 'ARPA.': algorithm is unsupported
> Evidently, the RSA/SHA-256 support was removed from p1, but why? (...
> accident?).

I can't reproduce this at all. I tried adding a trust anchor for
"uk" (which uses algorithm 8, and is not in dlv.isc.org) to a test
server running 9.6.2-P1. No config error as above, and (after a
bit of cache flushing) it validates records from "uk" fine ("ad" bit
set, etc.).
--
Chris Thompson
Email: c...@cam.ac.uk