Re: BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)

2012-11-05 Thread Antonio Marcos López Alonso
El Lunes 05 noviembre 2012 13:05:30 Mark Andrews escribió: > In message <201211051239.55119.a...@ipna.csic.es>, Antonio Marcos > =?utf-8?q?L=C > > 3=B3pez_Alonso?= writes: > > El Lunes 05 noviembre 2012 12:16:31 Mark Andrews escribiĆ³: > > > In message <201211051152.45367.a...@ipna.csic.es>, Anton

Re: BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)

2012-11-05 Thread Mark Andrews
In message <201211051239.55119.a...@ipna.csic.es>, Antonio Marcos =?utf-8?q?L=C 3=B3pez_Alonso?= writes: > El Lunes 05 noviembre 2012 12:16:31 Mark Andrews escribió: > > In message <201211051152.45367.a...@ipna.csic.es>, Antonio Marcos > > =?iso-8859-1? > > > > q?L=F3pez_Alonso?= writes: > > > H

Re: BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)

2012-11-05 Thread Antonio Marcos López Alonso
El Lunes 05 noviembre 2012 12:16:31 Mark Andrews escribió: > In message <201211051152.45367.a...@ipna.csic.es>, Antonio Marcos > =?iso-8859-1? > > q?L=F3pez_Alonso?= writes: > > Hi, > > > > I'm testing a DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have > > succesfully signed my local zone wi

Re: BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)

2012-11-05 Thread Mark Andrews
In message <201211051152.45367.a...@ipna.csic.es>, Antonio Marcos =?iso-8859-1? q?L=F3pez_Alonso?= writes: > Hi, > > I'm testing a DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have > succesfully signed my local zone with ods tools and NSEC3 RSA/SHA1 (algorithm > s > 5 and 7, both being alia

BIND 9.7.3 and NSEC3 hash algorithms 5 & 7 (RSA/SHA-1)

2012-11-05 Thread Antonio Marcos López Alonso
Hi, I'm testing a DNSSEC server using BIND 9.7.3 and OpenDNSSEC. I have succesfully signed my local zone with ods tools and NSEC3 RSA/SHA1 (algorithms 5 and 7, both being aliases), but BIND refuses to load the zone complaining these algorithms are not supported: general: warning: zone myzone.m

Re: Lots of "RSA_verify failed" after upgrade to 9.7.7

2012-11-05 Thread Mark Andrews
In message <20121105092813.ge34...@pol-server.leissner.se>, Peter Olsson writes : > Yesterday I upgraded our slave DNS (running FreeBSD 7.4) > from bind 9.7.6.4 to 9.7.7. The server uses bind97 from > ports. > > After that upgrade I get lots of these in syslog: > > RSA_verify failed error:040770

Lots of "RSA_verify failed" after upgrade to 9.7.7

2012-11-05 Thread Peter Olsson
Yesterday I upgraded our slave DNS (running FreeBSD 7.4) from bind 9.7.6.4 to 9.7.7. The server uses bind97 from ports. After that upgrade I get lots of these in syslog: RSA_verify failed error:04077068:rsa routines:RSA_verify:bad signature:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/c