playing with 9.9.2b1 and ECDSA

Tony Finch Wed, 15 Aug 2012 12:24:29 -0700

Is automatic signing with ECDSA supposed to work yet? I ran:

$ dnssec-keygen -a ECDSAP256SHA256 -f KSK fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+03356
$ dnssec-keygen -a ECDSAP256SHA256  fanf2.ucam.org
Generating key pair.
Kfanf2.ucam.org.+013+63927
$ chmod g+r K*
$ rndc loadkeys fanf2.ucam.org


And BIND said:

15-Aug-2012 19:56:31.942 general: info: received control channel command 
'loadkeys fanf2.ucam.org'
15-Aug-2012 19:56:31.954 general: info: zone fanf2.ucam.org/IN: reconfiguring 
zone keys
15-Aug-2012 19:56:31.969 general: error: zone fanf2.ucam.org/IN: 
update_sigs:add_sigs -> sign failure
(blank line)
15-Aug-2012 19:56:31.970 general: error: zone fanf2.ucam.org/IN: 
sign_apex:update_sigs -> sign failure
(blank line)

dnssec-signzone appears to work.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Thames, Dover, Wight: South or southwest 4 or 5, increasing 6 at times,
backing southeast later, 3 or 4. Slight or moderate, occasionally rough in
Wight. Showers. Moderate or good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

playing with 9.9.2b1 and ECDSA

Reply via email to